If you don’t feel you’ve put enough effort in cloud security, you’re not alone.
A recent survey released by Telus found that Canadian organizations only set aside 34 per cent of their cybersecurity budgets for cloud security, while nearly all admit that if they had to do it all again, they would have spent more time security when they began their migration to the cloud, especially on threat and risk.
Respondents would have also spent more time on monitoring and detection, as well as threat prevention controls.
All this regret around cloud security may explain why the 511 cybersecurity professionals surveyed by Telus are planning to increase spending by 22 per cent in 2023. Conducted with IDC Canada, the survey spans a wide range of Canadian industries and organizations, with more than half identifying as very knowledgeable about cybersecurity, with the remainder identifying as knowledgeable.
While security knowledge ranks well among respondents, only 37 per cent of the organizations surveyed report having dedicated cloud security professionals, while nearly as many – 33 per cent – are finding that staffing for cloud security skillsets is the most difficult of all cloud specialties to find.
Not many – 14 per cent – are storing their most valuable data in the cloud, which aligns with the confidence in cloud security, as 57 per cent of organizations believe their cloud environments are very or completely secure, but only 38 per cent of respondents said their organizations uses multi-factor authentication (MFA) to secure their cloud environment.
Approximately one third of respondents cited a lack of tools to monitor, detect, and respond to cyber threats was a major gap in their cloud environments, while a whopping 89 per cent said their organization had experienced a cloud security incident. (An incident is defined as an event with the potential to compromise confidentiality, availability, and/or integrity of computer networks, systems, or data.)
On average, the Telus survey found that organizations had experienced four to five cloud security incidents a year, with nearly half of the most damaging incidents spreading to on-premises environments. These incidents could be attributed to misconfigurations, human error, and known vulnerabilities.
Not surprisingly, respondents are using more than one cloud service provider – the average was up to 8.5, with infrastructure-as-a-service providers such as Amazon AWS, Google Cloud Platform and Microsoft Azure being the most used.
The Telus report makes several recommendations for those responsible for security in their organization. Chief among them is to not underestimate the value of frameworks like NIST, ISO/IEC 27001 or others. Others include:
- Provide IT / security staff with comprehensive cloud security awareness training
- Enable and configure any included security controls offered by your cloud service provider
- Conduct regular security audits and assessments
- Deploy MFA
Given all the cloud providers organizations use as well as the challenges in finding security specialists, you might consider seeking out a managed service provider who can help you bolster your cloud security, improve your overall posture and help you adhere to the Telus survey recommendations.
- October 29, 2020
- Catagory cybersecurity
Improving security for remote workers should be a priority for IT teams
Improving security for remote workers will hopefully be an inevitable consequence of the Covid-19 pandemic, and despite the inherent challenges, it should be a priority for IT teams.
Recent reports by Cisco looking at the future of secure remote work and consumer privacy found that IT buyers had been caught off-guard by the sudden shift of employees working from home, but are now speeding up adoption of technologies to support remote work. A majority of the 3,000 IT decision makers surveyed by Cisco rate cybersecurity as extremely or more important than it had been before the beginning of pandemic.
Guaranteeing access, securely
The biggest challenge for all IT teams regardless of an organization’s size has been improving security for remote workers, although providing the necessary access to the applications and data they needed came first. It comes at a time when the average consumer also values security and privacy as a social and economic issue, according to Cisco.
However, the company’s own research found there was a lot of work to be done toward improving security for remote workers by IT teams as just over half were somewhat prepared for the accelerated transition earlier this year. Endpoints, including those owned by organization, were cited as being the most difficult to protect, according to the Cisco survey, followed by customer information and cloud systems with the ability to securely control access to the enterprise network being the biggest challenge.
Improving security for remote workers will no doubt continue to be an priority for IT teams, even post-pandemic, as some employees will continue to want the flexibility of working from home and organizations see continued benefits, including cost savings on office space, by not having everyone in a traditional office environment.
Digital transformation can lead to a more secure cloud infrastructure
While IT teams are likely to see some budget increases that will specifically support improving security for remote workers, there are many initiatives that can help improve overall cybersecurity posture for organizations that are already common steps in a digital transformation journey.
If you haven’t already, you should establish a cloud security strategy that’s part of a broader transition cloud infrastructure transition. This will indirectly go toward enhancing security for remote workers while allowing IT teams to have to worry less about on-premises systems that were unprepared for the sudden shift to remote work. While putting more applications and data the cloud come with their own cybersecurity challenges, they can scale better than on-premises solutions and provide the necessary flexibility for supporting a remote workforce.
The transition to the cloud should also include embracing new tools to stay secure, recognizing that IT teams still have some responsibility for securing cloud applications and data, even as the service provider has a role in securing systems, too. IT teams need visibility into cloud infrastructure as well as their on-premises deployments in a single interface.
At the same time, IT teams should consider what experts are calling “zero-trust security strategies.” A zero-trust approach assumes all users and endpoints could present a threat to the organization, so they must be able to prove they are trusted if they are to gain access to the enterprise network, applications and data.
You can be small and secure
For smaller organizations, improving security for remote workers is just as essential but can be challenge for their IT teams. A managed services provider with experience helping small and medium-sized business with their technology infrastructure can play a key role in accelerating their adoption of solutions that can support remote workers with robust security.
Sanjeev Spolia is CEO of Supra ITS
Latest Blogs
FAQ