SaaS applications are supplanting traditional desktop software, and visibility into cloud workloads is a major problem, according to Symantec.
You’ve heard it for years—the future of business applications is mostly cloudy, and that brave new world has come to pass, as a 53% of enterprise compute workloads have now migrated to the cloud, according to Symantec’s Cloud Security Threat Report, published Monday, The report also finds 54% of respondents indicate their organization’s cloud security is not able to keep up with cloud applications.
To be fair, there is a lot to keep up with—93% of respondents indicate their organizations are storing data in more than one environment, with 69% of respondents still storing data on premises. “This heterogeneity makes it difficult to achieve visibility across applications and workloads,” the report notes, “ushering in a host of challenges that tax the expertise and bandwidth of IT staff and make some legacy cyber defense tools and processes obsolete.”
Symantec also notes that “the average organization believes its employees are using 452 cloud apps,” but Symantec contends the actual number is 1,807, which is a bidirectional problem at best. IT decision makers should be more aware of what third-party services are being used by employees, though throwing any web-based service in the category of cloud application dilutes the meaning of both “cloud” and “application.” Independent of these definitions, 93% of respondents indicated difficulties monitoring all cloud workloads.
SEE: Launching a career in cybersecurity: An insider’s guide (free PDF) (TechRepublic)
This underlies a perennial problem among IT staff—the increasing potential attack surface for which company data can be compromised is too large, with 49% of respondents indicating their cloud security is inadequate to deal with “all incoming alerts,” with 92% indicating a need to enhance their own skills, and 84% indicating a need to bring on more staff to handle the influx.
Keeping sensitive company data within security perimeters is the predominant issue among respondents, with 93% of respondents indicating they “grapple with users oversharing cloud files containing sensitive and compliance-related data, while on average 35% of cloud files are overshared,” according to the report. Further, 68% indicate they have seen direct or likely evidence that their data was made available on dark web marketplaces.
Symantec advocates creating governance strategy supported by a “Cloud Center of Excellence” to combat unsanctioned cloud usage, as well as embracing a zero-trust security model, use of automation and DevSecOps., as well as