REDWOOD SHORES, Calif. and NEW
YORK, Feb. 20, 2019
/PRNewswire/ -- Companies continue to move business critical
workloads and their most sensitive data to the cloud,
yet security challenges remain, according to the second annual
Oracle and KPMG Cloud Threat Report 2019 released today. The report
found that 72 percent of respondents feel the public cloud is more
secure than what they can deliver in their own data center and are
moving data to the cloud, but visibility gaps remain that can make
it hard for businesses to understand where and how their critical
data is handled in the cloud.
The survey also found a projected 3.5 times increase in the
number of organizations with more than half of their data in the
cloud from 2018 to 2020, and 71 percent of organizations indicated
that a majority of this cloud data is sensitive, up from 50 percent
last year. However, the vast majority (92 percent) noted they are
concerned about employees following cloud policies designed to
protect this data.
The report found that the mission-critical nature of cloud
services has made cloud security a strategic imperative. Cloud
services are no longer nice-to-have tertiary elements of IT—they
serve core functions essential to all aspects of business
operations. The 2019 report identified several key areas where the
use of cloud service can present security challenges for many
organizations.
- Confusion about the shared responsibility security model has
resulted in cybersecurity incidents. Eighty-two percent of
cloud users have experienced security events due to confusion over
the shared responsibility model. While 91 percent have formal
methodologies for cloud usage, 71 percent are confident these
policies are being violated by employees, leading to instances of
malware and data compromise.
- CISOs are too often on the cloud security sidelines.
Ninety percent of CISOs surveyed are confused about their role in
securing a Software as a Service (SaaS) versus the cloud service
provider environment.
- Visibility remains the top security challenge. The top
security challenge identified in the survey is detecting and
reacting to security incidents in the cloud, with 38 percent of
respondents naming it as their top challenge today. Thirty percent
cited the inability of existing network security controls to
provide visibility into cloud-resident server workloads as a
security challenge.
- Rogue cloud application use and lack of security controls
put data at risk. Ninety-three percent of respondents
indicated they are still dealing with "shadow IT" -- in which
employees use unsanctioned personal devices and storage or file
share software for corporate data. Half of organizations cited lack
of security controls and misconfigurations as common reasons for
fraud and data exposures. Twenty-six percent of organizations cited
unauthorized use of cloud services as their biggest cybersecurity
challenge today.
"The world's most important workloads are moving to the cloud,
heightening the need for a coordinated, integrated and layered
security strategy," said Kyle York,
vice president of product strategy, Oracle Cloud Infrastructure.
"Starting with a cloud platform built for security and applying AI
to safeguard data while also removing the burden of administrative
tasks and patching removes complexity and helps organizations
safeguard their most critical asset – their data."
"As organizations continue to transition their cyber security
thinking from strictly risk management to more of a focus on
business innovation and growth, it is important that enterprise
leaders align their business and cyber security strategies," said
Tony Buffomante, U.S. Leader of KPMG
LLP's Cyber Security Services. "With cloud services becoming an
integral part of business operations, there is an intensified need
to improve the security of the cloud and to integrate cloud
security into the organization's broader strategic risk mitigation
plans."
Additional Key Findings:
- Automation may improve chronic patching
problems: Fifty-one percent surveyed report patching has
delayed IT projects and 89 percent of organizations want to employ
an automatic patching strategy.
- Machine learning may help decrease threats:
Fifty-three percent are using machine learning to decrease overall
cyber security threats, while 48 percent are using a Multi-factor
Authentication (MFA) solution to automatically trigger a second
factor of authentication upon detecting anomalous user
behavior.
- Supply chain risk: Business-critical services must be
contained as supply chain compromise has led to the introduction of
malware in 49 percent of cases, followed by unauthorized access of
data in 46 percent of cases.
- Security events continue to increase while shared
responsibility confusion expands: Only 1 in 10 organizations
can analyze more than 75 percent of their security event data and
82 percent of cloud users have experienced security events due to
confusion over cloud shared responsibility models.
- Cloud adoption has expanded the core-to-edge threat
model: An increasingly mobile workforce accessing both on
premise and cloud-delivered applications and data dramatically
complicates how cybersecurity professionals must think about their
risk and exposure. In 2018, the number one area of investment was
training, but this year, training slipped to number two and was
replaced by edge-based security controls (e.g., WAF, CASB,
Botnet/DDoS Mitigation controls).
To find out more about the Oracle and KPMG Cloud Threat Report
2019, visit Oracle at the RSA Conference, March 4-8 in San
Francisco. (Booth #1559 – Moscone South).
About the Report
The Oracle and KPMG Cloud Threat
Report 2019 examines emerging cyber security challenges and risks
that businesses are facing as they embrace cloud services at an
accelerating pace. The report provides leaders around the globe and
across industries with important insights and recommendations for
how they can help ensure that cyber security is a critical business
enabler. The data in the report is based on a survey of 450 cyber
security and IT professionals from private and public-sector
organizations in North America
(United States and Canada), Western
Europe (United Kingdom),
and Asia (Australia, Singapore).
Additional Resources
- Download the Oracle and KPMG Cloud Threat Report 2019
- View the Infographic
- Learn more about Oracle Cloud Security
- Learn more about KPMG Cyber Security Services
- Connect with Oracle Cloud Security on Twitter, Facebook and via
Oracle Cloud Security Blog
- Connect with KPMG on Twitter and LinkedIn
About Oracle
The Oracle Cloud offers a
complete suite of integrated applications for Sales,
Service, Marketing, Human Resources, Finance, Supply Chain and
Manufacturing, plus Highly-Automated and Secure Generation 2
Infrastructure featuring the Oracle Autonomous Database. For
more information about Oracle (NYSE: ORCL), please visit us
at oracle.com.
About KPMG LLP
KPMG LLP, the audit, tax and
advisory firm (www.kpmg.com/us), is the independent U.S. member
firm of KPMG International Cooperative ("KPMG International"). KPMG
International's independent member firms have 197,000 professionals
working in 154 countries. KPMG International has been named a
Leader in the Forrester Research Inc. report, The Forrester
Wave™ Information Security Consulting Services Q3 2017. Learn more
at www.kpmg.com/us. Some or all of the services described
herein may not be permissible for KPMG audit clients and their
affiliates.
Trademarks
Oracle and Java are registered trademarks
of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
View original content to download
multimedia:http://www.prnewswire.com/news-releases/business-critical-cloud-adoption-growing-yet-security-gaps-persist-report-says-300798452.html
SOURCE Oracle