Enterprises are moving their data to the cloud, but not everybody is certain that the cloud is as secure as it could be, according to the third annual report on cloud security from cybersecurity firm McAfee. This is due in part to the fact that one in four companies have been hit with cloud data theft. McAfee released its third annual report ahead of the RSA security conference in San Francisco this week. The survey polled 1,400 global information technology professionals in the fourth quarter. This years study demonstrates that there are firms ramping up cloud adoption and increasing investment to manage the risks, and conversely a larger number of organizations that are taking a more cautious approach, said Raj Samani, chief scientist at McAfee, in the report. The survey showed that 97 percent of companies use cloud services, either as a public cloud, private, or a combination of both, up from 93 percent a year ago. 83 percent store sensitive data in the cloud, but only 69 percent trust the public cloud to keep their data secure. About 83 percent of organizations that use the cloud have experienced at least one security incident. Common issues include lack of data visibility within cloud applications (30 percent), theft from a cloud applications by a malicious actor (26 percent), incomplete control over who can access sensitive data (25 percent), and shadow IT provisioning cloud applications outside IT visibility (23 percent). One in five companies have experience an advanced attack on their clouds. Companies with a cloud first strategy plan to migrate 80 percent of their information technology budget to the cloud in the next 12 months, compared to 18 months for those without. But the enthusiasm for the cloud is mixed. The number of professionals reporting a cloud first strategy has declined to 65 percent, compared to 82 percent a year ago. In fact, 40 percent of IT leaders are slowing cloud adoption due to a shortage of cybersecurity skills. McAfees survey of companies also found that fewer than 10 percent of companies anticipate decreasing cloud investment as a result of the European Unions new privacy law, the General Data Protection Regulation. For companies with up to 1,000 employees, the average number of cloud services being used is 25, and that number grows to 40 services for enterprises with more than 5,000 employees. McAfee also said today it is releasing McAfee Cloud Workload Security (CWS) v5.1, one of the core pillars of its McAfees Cloud Security Solution Portfolio. The new version will be available in the second quarter, and it identifies and secures Docker containers, workloads, and servers in public and private clouds. McAfee CSW v5.1 quarantines infected workloads and containers with one click thus reducing misconfiguration risk and increasing initial remediation efficiency by nearly 90 percent. McAfees survey said that containers have grown rapidly in popularity over the past few years, with around 80 percent of those surveyed using or experimenting with them. However, only 66 percent of organizations have a strategy to apply security to containers.
Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found. The cybersecurity skills shortage has actually improved over last year, when 49% of IT leaders said that they were slowing cloud migrations, the report found. Interestingly, those with a cloud-first strategy were almost twice as likely to have slowed adoption than those without such a strategy. Private-only cloud operators were more likely to report experiencing skills shortages, and more likely to have slowed their adoption, which helps to explain the continued shift to hybrid cloud. Cloud migration decision tool (Tech Pro Research). It takes an average of six to nine months to fill a cybersecurity position, according to Barika Pace, a research director at Gartner, which means that cloud security efforts may be placed on hold for many companies, unless they turn to outside consultants or third-party security platforms. While 83% of IT professionals said they store sensitive data in the public cloud, only 69% said they trust the public cloud to keep their data secure. Cloud security issues are rampant: One in four organizations that use Infrastructure as a Service (IaaS) or Software as a Service (SaaS) have had their data stolen, according to the report. Meanwhile, one in five said they have experienced an advanced attack against their public cloud infrastructure. On average, 27% of IT security budgets are allocated to cloud security, the report found. This number is estimated to reach 37% by next year. And fewer than 10% of organizations on average anticipate decreasing their cloud investments as a result of the upcoming General Data Protection Regulation (GDPR) enforcement in the EU. The report recommends the following three best practices for organization to keep their cloud data safe: 1. Adopt DevSecOps processesOrganizations are twice as likely to have a strategy for securing containers and serverless computing when they have a DevSecOps function, the report found. Integrating development, QA, and security processes within the business unit or application team is crucial to operating at the speed today's business environment demands, the report stated. 2. Deploy automation and management toolsThese tools, such as Chef, Puppet, and Ansible, can help security professionals keep up with the volume and pace of cloud deployments, the report said. 3. Develop unified security, with centralized management across all cloud services and providersUsing multiple cloud management tools makes it easy to for something to slip through, the report noted. A unified management system across multiple clouds with an open integration fabric reduces complexity.