Cybersecurity company Netwrix has announced additional findings on cloud security challenges from its global 2021 Netwrix Cloud Data Security Report.
The top challenges to securing sensitive data in the cloud that were named by survey respondents were lack of IT staff (52%), insufficient budget (47%) and lack of cloud security expertise (44%). Employee negligence was cited by 38 per cent of respondents, but just 17 per cent chose malicious actions of insiders as an issue. Only 10 per cent of organisations reported data theft by employees.
These challenges are exacerbated by business demands for speedy digital transformation. One in four respondents who work in an IT department said that executives put pressure on them to drive rapid digital transformation to the detriment of data security. This problem is especially critical for the CISOs who responded, 48% note that the organisation's desire for growth hinders efforts to ensure data security in the cloud.
In an effort to overcome cloud security challenges, the top data security controls being deployed in the cloud are encryption (62%), auditing of user activity (58%) and cloud backups (58%). Moreover, 62% of respondents have already removed sensitive data from the cloud or are planning to do so, 14 per cent more than in last year's study.
Other survey findings include:
- Half of enterprise organisations (1,000+ users) listed lack of cloud security knowledge as a cloud security challenge.
- 25 per cent of organisations say that inconsistent tools and processes due to multiple workloads across different cloud platforms is a challenge to ensuring data security in the cloud.
- 48 per cent of CIOs are concerned about insufficient IT staff and lack of cloud security expertise in their departments.
- Lack of budget is the top pain for 68 per cent of CIOs.
Ilia Sotnikov, Security Strategist & VP of User Experience at Netwrix says: "To overcome cloud security staff, budget and skills shortages, organisations should consider investing in easy-to-use and scalable solutions that help address data security risks in the cloud. This should include solutions that can automatically identify and reduce exposure of sensitive content, automate change and configuration auditing, flag potentially harmful activity, and enable rapid incident detection and response.
"The fact that IT leadership feels pressure from the business possibly highlights a lack of mutual understanding. CISOs and CIOs should accept that risk management is a business function, and help the C-suite fully understand risk levels and the business impact of technology decisions."