39% of Organizations Point to IT Team for Security Incidents in the Cloud
January 2018 by Patrick LEBRETON
2018 Netwrix Cloud Security Report reveals companies also blame non-IT staff and cloud providers
Netwrix Corporation, provider of a visibility platform for user behavior analysis and risk mitigation in hybrid environments, today released the 2018 Netwrix Cloud Security Report. The headline concern with regard to cloud security is risk of unauthorized access (69%). When something does go wrong it is IT (39%), non-IT users (30%) or cloud providers (30%) who most shoulder the blame.
The key findings include:
The most common cloud security concerns remain the same: the risk of unauthorized access (69%), the risk of malware infiltrations (50%) and the inability to monitor the activity of their own employees in the cloud (39%).
45% of organizations perceive their own employees to be the biggest security risk. Even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff (39%) and business users (33%) as much as or more than their cloud providers (33%).
Organizations are not ready to address the insider threat because they have only partial visibility into activity in their IT infrastructures, a situation that has not changed much since 2016. The share of organizations that have complete visibility into the activity of IT staff (28%), business users (17%), third parties with legitimate access (12%) and providers (9%) is low and needs to be improved.
Only 66% of surveyed IT teams have top management’s support for security initiatives for the cloud.
42% of the organizations are ready to embrace the cloud more fully, while 47% are not ready for one or more reasons. Even though 86% of organizations said in 2016 that they were not ready for a big cloud move, one year later, 31% of respondents say they are planning a complete migration to the cloud in the next five years.
The majority of organizations plan to start storing sensitive data in the cloud or move more data there. Mainly it is going to be customer (50%), employee (45%) and financial (37%) information.
Employee training (55%), enforcement of stricter security policies (53%) and deployment of vendor security solutions (39%) top the list of the urgent measures aimed at strengthening security.