As cloud use rises among payers, so do cybersecurity concerns
Most organizations are in the process of transitioning to the cloud, and this is making it difficult for IT departments to monitor security.
That’s according to the latest report from cybersecurity firm, Symantec. The security vendor’s most recent report follows findings last year from Gartner that predicted the use of the cloud would be mainstream among health payers within the next four years.
Enterprises must realign—and in some cases—reinvent their security programs for this new reality, according to Symantec’s recently released inaugural Cloud Security Threat Report, “Adapting to the New Reality of Evolving Cloud Threats.”
For its report, Symantec interviewed 1,250 security decision makers from 11 countries this past spring to understand the changing cloud security landscape and to gauge the maturity of security practices. The report compares and contrasts the perceptions vs. realities of cloud security.
“What we found was eye opening and often quite alarming,” says Kevin Haley, Symantec’s director of security technology and response. Findings from the survey show that 93 percent of those surveyed are storing data in more than one environment.
Symantec’s research indicates that enterprises have reached a tipping point, with 52 percent of workloads in the cloud and 54 percent of those interviewed saying they can't keep their cloud security up.
“The cloud has always had inherent security advantages—but the reality is, this fast-growing platform is bound to see a proportionate increase in security incidents,” says Jim Reavis, co-founder and CEO of the Cloud Security Alliance.
However, there are many solutions that address cloud security threats, and they can be effective when combined with the right mix of technology, process and an educated workforce, Reavis says. “The bad news is that many organizations are not aware of the full magnitude of their cloud adoption, the demarcation of the shared responsibility model and are inclined to rely on outdated security best practices.”
Reavis contends the cloud is the center of IT and, increasingly, the foundation for cybersecurity. “Understanding how threat vectors are shifting in the cloud is fundamental to making the necessary updates to your security program and strategy,” he adds.
According to the survey, the main reasons for cybersecurity issues related to the cloud are:
- Confidence is low, with 69 percent of respondents believing that their data is already for sale on the dark web.
- Overtaxed IT staff, with 25 percent of cloud security alerts going unaddressed.
- Immature security practices, with 75 percent of those surveyed reporting having experiencing a security incident.
- Lack of visibility, companies actually use four times the number of cloud-based apps than their IT departments are aware of.
Haley said CIOs should use these numbers to approach a board to get buy-in on the severity of the situation. It’s hard for IT staff to talk to their executives and boards about these problems, but it’s important to know that it’s a shared responsibility. If leadership and the IT department aren’t sharing cybersecurity, they’re going to fail, he says.
Haley also notes that best practices for end users hasn’t really changed in 10 to 20 years, because end users still haven’t mastered the basics. “They’re still struggling with getting those done,” he adds.
Find Symantec’s new report here.