EDITOR’S QUESTION
Enterprise cloud usage more
unsecured than secured
70% of enterprises using Saas solutions have no
cybersecurity strategy in place to cope with any
incidents, answers Alessio Aceti at Kaspersky Lab.
W
ith the rapid
adoption of
cloud, what
are the upsides and
downsides for enterprises
in the near future?
S
wift adoption of cloud-based services
and a lack of well-defined security
strategies is leaving organisations
struggling to keep control of their data,
across a sprawling number of services and
applications. According to new research
from Kaspersky Lab, 35% of businesses
admit that they are unsure if certain pieces
of corporate information are stored on
company servers or on those of their cloud
providers. This makes the safeguarding
and accountability of data extremely hard
to achieve, putting its integrity at risk
and paving the way for potentially severe
security and cost implications.
With cloud services enabling companies
to take advantage of key technologies
to support day-to-day operations and
growth plans – without worrying about
maintenance or the hefty price tag – it’s
no surprise that 78% of businesses are
already using at least one Software-as-a-
Service SaaS based platform. The same
number 75% are also planning to move
more applications to the cloud in the
future. When it comes to IaaS, nearly half
49% of enterprises and 45% of SMBs are
looking to outsource IT infrastructure and
processes to third parties.
However, for many organisations,
the speed of adoption and lure of cost
and operational savings has been to the
Alessio Aceti, Head of Enterprise Business,
Kaspersky Lab.
detriment of security, with many using
cloud services with no strategy in place
for the security of their information.
Uncertainty around who is responsible for
the security of data in the cloud can often
35% of
businesses
admit they are
unsure if certain
corporate
information
is stored on
company
servers or on
those of their
cloud providers.
be the basis for this approach. Research
found that 7 out of 10, 70% businesses
using SaaS and cloud service providers
have no clear plan in place to deal with
security incidents which could affect
their partners. A quarter admit to not
even checking the compliance credentials
of their service provider, suggesting an
assumption that they will pick up the
pieces if something goes wrong.
However, with 42% of businesses
not feeling adequately protected from
incidents affecting their cloud service
provider and a quarter 24% of businesses
having experienced a security incident
affecting the IT infrastructure hosted
by a 3rd party, over the last 12 months
– a reliance on cloud providers alone to
provide complete protection could be a
risky strategy.
Businesses have to find ways to get the
cloud zoo under control. Every package
of data needs to be protected wherever it
happens to be at any one time. To do so,
companies need spotting anomalies within
their cloud infrastructures, and that can
only be achieved through a combination
of techniques including machine learning
and behavioural analytics.
This ability to identify and defend
against unknown threats is absolutely
fundamental to cloud infrastructure
security. Besides that, enabling visibility of
the cloud ecosystem and its cybersecurity
layer will give businesses a clear view
on where data resides and if its current
protection status meets corporate security
policies. Only this way business will
be able to tame the cloud zoo and have
complete control, no matter how much
and where data is stored.
49