Cloud Security Report

+ Full Text

2019 Cloud Security Report

As organizations migrate more and more of their data and operations to the cloud, they must ensure that they maintain a robust cybersecurity posture. However, frequent breaches in the news seem to suggest that many companies are not prioritizing security to the degree that they should. To uncover the state of enterprise security in the cloud, Bitglass partnered with a leading cybersecurity community and surveyed IT professionals.

Awesome Mix 2019 Organizations’ leading cloud priorities have shifted over the past year. While defending against malware has ascended to the top spot, discovering unmanaged apps in use has fallen to number six. Despite a change in their order, the top three priorities from 2018 are each still in the top three in 2019. Finally, it is concerning that securing mobile devices isn’t a higher priority in light of recent Bitglass research which found that 85% of companies now enable bring your own device (BYOD).

1 . l o v x i m e m o s e w A 2018

2019

use n i s p p ance i jor a l a p m m o g c rin latory ware u

  1. Secu g e r ching st mal pps a n e i R a e . g r 2 a a malwa ending unmanaged t f s e e n d c i a n . 3 ering ing ag omplia v c d o vices n ions c y e t e s r i d a f o d r e t . u l a i 4 g l .1 D e i b u ing mo oud misconf g reg n use rations r i n i u c s h e c p s p a l 5.
  2. Re ting c ajor a misconfigu n m e v g e n i r r d
  3. p
  4. Secu nting clou vices ve de
  5. pre ing mobile d apps e g a r n u c a
  6. se g unm n i r e ov
  7. disc

Security in the Skies 67% of respondents believe cloud apps are as secure or more secure than on-premises apps—this is significantly higher than the 40% recorded in 2015. Despite this, 93% of respondents are at least moderately concerned about the security of the cloud. In other words, organizations know the cloud itself is highly safe, but are wrestling with their responsibility to use it securely.

How concerned are you about the security of the cloud: 3%

38%

When compared to on-prem apps, public cloud apps are:

4%

Not Concerned

18%

33%

32%

Slightly Concerned Moderately Concerned Very Concerned Extremely Concerned

37%

35%

A Galaxy in Need of Saving Organizations are moving workloads and data into the cloud, granting them greater productivity and flexibility, but increasing the likelihood of data leakage where proper security is not employed. As 45% of respondents store customer data in the cloud, 42% store employee data in the cloud, and 24% store intellectual property in the cloud, adopting the appropriate security measures is clearly critical.

What type of corporate data do you store in the cloud?

80 70 60

63%

50 45%

40

42%

38%

38%

30

33%

30% 24%

20

18%

10 5%

O

th

er

n io at

rm

In

lth

ea H

fo

ro

pe

rt

y

a at ua ct

lle te

Fi

In

te ra

lP

ia

lD

ic na

nc

In vo

D

& po

or C

C

on

tr

ac

ar M &

s

ts

ke

tin

g

D ps

ev D le Sa

es

a at

a at

a at O

ee

D

at oy pl Em

C

us

to

m

er

D

Em

ai

l

a

0

Weapons Systems Access control (52%) and anti-malware (46%) are the most-used cloud security capabilities. However, these and others—like single sign-on (26%) and data loss prevention (20%)—are still not deployed often enough. Additionally, as 66% of respondents said that traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security solutions becomes even more critical. Fortunately, cloud access security brokers (CASBs) can provide many of these essential capabilities.

What security capabilities have you deployed in the cloud? 60 50

52% 46%

40

34%

30

30% 26%

20

25%

22%

22%

20%

19%

18%

10

tio

at

D

et

ec

em re Th al

or Be

ha

vi

D

n

t en

n an M g Lo

Lo at

a

ag

en ev Pr

ss

c ifi ec

Sp p-

Ap

tio

tio ot

Pr

nt oi dp

ec

cu Se

Si En

n

y rit

FA M

n gn -

O

AC le ng Si

Fi

re

w

al

ls

cr

/

yp

N

tio

ar al

M ti-

En

w

tr on An

C ss ce Ac

n

e

ol

0

Knowhere Your Data is Going Despite a slight increase since last year, a mere 20% of organizations have visibility over cross-app anomalous behavior. This is a critical requirement as only 25% of survey respondents are “single cloud” today. Unfortunately, corporate visibility over every other category decreased since 2018. This may be due to the growing number of cloud apps and personal devices over which IT struggles to gain visibility. While the high percentage of organizations that have visibility into user logins (69%) suggests that the first step of cloud security (identity management) has been taken, many organizations still lack visibility and control over what happens after authentication.

What do you have visibility into in the cloud? 2019

2018 User Logins

69%

File Downloads

57%

58%

File Uploads

55%

44%

DLP Policy Violations

38% 35% 20% 60%

56%

External Sharing

40%

80%

78%

40%

20%

0

46%

Shadow IT Usage

No Data

Cross-App Anomalous Behavior

15% 0

20%

40%

60%

80%

Holes in the Hull Since 2018, malware has emerged as the most concerning data leakage vector; it was selected by 27% of respondents. Conversely, unsanctioned cloud apps falling from 12% to 5% shows that organizations are becoming aware that there are data leakage threats greater than shadow IT. Concerns about app infrastructure fell from 21% in 2018 to 9% in 2019. At the same time, misconfigurations ascended from the middle of the pack (12%) to third place (20%). These stats highlight the growing awareness that the cloud itself is highly secure, but that organizations must use it in a safe fashion.

Which data leakage vector is most concerning for your organization? 2019 2018 27% 21%

Compromised Accounts

20%

Misconfigurations

3% 12%

Other

3% 10%

11%

Unsanctioned Cloud Apps

5%

15%

21%

Unsecured WiFi

7%

20%

12%

Unmanaged Devices

8%

25%

21%

App Infrastructure Vulnerabilities

9%

30%

14%

Malware

0

7% 0

10%

15%

20%

25%

30%

Defenses at the Ready Successfully defending against malware requires organizations to utilize a three-pronged strategy that encompasses devices (endpoint protection), the corporate network (secure web gateways), and the cloud. While a few cloud apps provide some built-in malware protections, most do not. As such, a combination of tools is necessary. Fortunately the use of CASBs for malware protection has increased from 20% in 2018 to 31% today. The use of agents to secure personal devices (which violates employee privacy and creates deployment challenges), decreased from 38% in 2018 to 30% in 2019. Blocking personal device access to corporate data (which hinders employee efficiency and flexibility), increased from 21% to 27%.

What anti-malware tools does your firm use to secure cloud data? 69%

Endpoint Protection

48%

Native App Protections

31%

Cloud Access Security Brokers

31%

Secure Web Gateways

How does your firm secure corporate cloud data on personal devices? 6% 10% 30%

Other Third-Party ATP Solutions

25% 9%

27%

None of the Above 0

10

20

30

40

50

60

70

27%

Agent-Based Tools Like MDM Block Personal Device Access to Data Use a Trusted Devices Model Grant Access to Any Device Apply DLP at Upload or Download

Tools for Saving the Galaxy Interestingly, cost is the leading concern for organizations evaluating cloud security providers. Other critical concerns include ease of deployment (46%), whether the solution is cloud native (45%), the ease with which cross-cloud security policies can be enforced (36%), and the solution’s ability to integrate with various cloud platforms (36%).

What do you look for in a cloud security provider? 55%

Cost Effectiveness

46%

Ease of Deployment

45%

Cloud Native

36%

Simple Cross-Cloud Policy Enforcement

36%

Integration with Cloud Platforms 0

10

20

30

40

50

60

Wrap-Up Maintaining a robust cybersecurity posture is crucial in today’s fast-paced world. Data is now being stored in more cloud apps and accessed by more devices than ever before. While some enterprises are prioritizing cloud security, many still need to rethink their approach to protecting data. Fortunately, there are cloud security solutions that can make the task incredibly simple.

About Bitglass Bitglass, the Next-Gen CASB company, is based in Silicon Valley with offices worldwide. The company’s cloud Phone: (408) 337-0190

security solutions deliver zero-day, agentless, data and threat protection for any app, any device, anywhere.

Email: info@bitglass.com

Bitglass is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven

www.bitglass.com

track record of innovation and execution.