Netwrix has published additional findings on cloud security challenges from its global 2021 Netwrix Cloud Data Security Report.
The top challenges to securing sensitive data in the cloud that were named by survey respondents were lack of IT staff (52%), insufficient budget (47%) and lack of cloud security expertise (44%). Employee negligence was cited by 38% of respondents, but just 17% chose malicious actions of insiders as an issue. This finding reflects reality, since only 10% of organisations reported data theft by employees.
These challenges are exacerbated by business demands for speedy digital transformation. Indeed, one in four respondents who work in an IT department said that executives put pressure on them to drive rapid digital transformation to the detriment of data security. This problem is especially critical for the CISOs who responded — 48% note that the organisation’s desire for growth hinders efforts to ensure data security in the cloud.
In an effort to overcome cloud security challenges, the top data security controls being deployed in the cloud are encryption (62%), auditing of user activity (58%) and cloud backups (58%). Moreover, 62% of respondents have already removed sensitive data from the cloud or are planning to do so — 14% more than in last year’s study.
Other survey findings include:
• Half of enterprise organisations (1,000+ users) listed lack of cloud security knowledge as a cloud security challenge
• 25% of organisations say that inconsistent tools and processes due to multiple workloads across different cloud platforms is a challenge to ensuring data security in the cloud
• 48% of CIOs are concerned about insufficient IT staff and lack of cloud security expertise in their departments
• Lack of budget is the top pain for 68% of CIOs
“To overcome cloud security staff, budget and skills shortages, organisations should consider investing in easy-to-use and scalable solutions that help address data security risks in the cloud. This should include solutions that can automatically identify and reduce exposure of sensitive content, automate change and configuration auditing, flag potentially harmful activity, and enable rapid incident detection and response,” said Ilia Sotnikov, Security Strategist & VP of User Experience at Netwrix. “The fact that IT leadership feels pressure from the business possibly highlights a lack of mutual understanding. CISOs and CIOs should accept that risk management is a business function and help the C-suite fully understand risk levels and the business impact of technology decisions.”