Companies don't think their cloud can keep up with security

(Image credit: Shutterstock)

More than half of enterprises believe that security can't keep up with cloud adoption according to Symantec's latest Cloud Security Threat Report (CSTR).

The cybersecurity company surveyed 1,250 security decision makers across the globe to compile its report which uncovered a number of insights on the shifting cloud security landscape.

Symantec discovered that enterprises have reached a tipping point with more than half (53 percent) of all enterprise compute workload now being done on the cloud. At the same time though, security practices are struggling to keep up and 54 percent of the enterprises surveyed indicate that their organization's cloud security maturity is not able to keep up with the rapid expansion of cloud apps.

Senior vice president of Cloud & Information Protection at Symantec, Nico Popp explained how moving to the cloud has left enterprises open to data breaches, saying:

“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realize, given the troves of sensitive and business-critical data stored in the cloud. 

"Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. However, our 2019 CSTR shows it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behavior surrounding cloud adoption.” 

Cloud security

Symantec's research found that companies are struggling to modernize their security practices at the same pace which they adopt cloud services and 73 percent experienced a security incident due to immature practices. 

Lack of visibility into cloud workloads is the leading cause and an overwhelming majority of respondents (93 percent) reported issues with keeping tabs on all cloud workloads. For example, Symantec's research showed that companies estimate they use 452 cloud apps on average when the actual number is nearly four times higher at 1,807.

Immature security practices, including poor configuration and failing to use encryption or multi-factor authentication (MFA), are putting enterprises at an increased risk of insider threats which respondents ranked as the third biggest threat to cloud infrastructure.

Cloud adoption is also leading IT teams to become overtaxed and Symantec's report revealed that 25 percent of cloud security alerts go unaddressed. A majority (64%) of security incidents take place at the cloud level and more than half of respondents admitted that they can't keep up with security incidents.

Risky user behavior is another challenge faced by security teams and nearly one in three employees exhibit risky behavior in the cloud. This leads to sensitive data being stored improperly in the cloud which makes enterprises more susceptible to a data breach.

Cloud security is an issue that most organizations are currently facing and hopefully Symantec's report will shine further light on the issue.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.