Half of businesses don't have skills for proper cloud security

(Image credit: Image source: Shutterstock/everything possible)

Despite cloud being mainstream nowadays, most companies still struggle to manage its security, new research has found.

This is according to a new report by Claranet surveying IT decision-makers from companies with 1,000+ employees, which states that most companies have incomplete awareness of how their cloud security posture affects their overall IT security.

Commenting on the findings, Sumit (Sid) Siddarth, Director at Claranet Cyber Security said: “Businesses that have not engaged with cloud in some way are now few and far between, with hyperscalers having established a dominant position in the cloud market. Organisations are making significant progress with planning and carrying out these migrations, but our research has shown that there’s a very real danger of security being left behind as part of this process.

Cloud is used for virtually everything nowadays, including the storage of personally identifiable information (PII). A recent separate report claims a quarter of organisations has had at least one cyber security incident in the past 12 months. Among companies that store PII in the cloud, but did not classify the data, more than two thirds (68 per cent) have witnessed a security incident.

“The self-provisioning aspects of public cloud are beneficial in many ways, but they can also lure businesses into a false sense of security,” Siddarth continued.

“The big hyperscalers have a lot of sensible defaults to help guard against threats, but if internal IT teams without the requisite skills create these environments themselves, mistakes can still occur. We have already seen a number of security breaches due to insecure permissions set on cloud storage, be it S3 buckets or Azure blobs. Other examples include attackers compromising cloud infrastructure to spin up bitcoin mining rigs.”

Three quarters of organisations never find out who was behind the attack.

According to Siddarth, businesses need to re-evaluate their approach to both cloud and security, as well as to ensure they consider both – as part of the same ecosystem.

Image source: Shutterstock/everything possible