Trend Micro commissioned Sapio Research to interview 2565 decision makers in 28 countries, across several industry sectors, and from organizations of all sizes, with a focus on large enterprise.
“It’s a very positive sign that a majority of organizations around the world are embracing digital transformation and adopting the cloud,” said Mark Nunnikhoven, vice president of cloud research for Trend Micro. “But the survey findings also highlight the challenges remaining with understanding security in the cloud. Cloud adoption is not a ‘set it and forget it’ process, but takes ongoing management and strategic configuration to make the best security decisions for your business.”
The survey confirms a simple misconception that can lead to serious security consequences. While cloud infrastructure is secure, customers are responsible for securing their own data – which is the basis of the Shared Responsibility Model for cloud.
Nearly all (92%) of respondents say they are confident they understand their cloud security responsibility, but 97% also believe their cloud service provider (CSP) offers sufficient data protection.
Of those surveyed, only 55% of respondents use third-party tools to secure their cloud environments. This suggests that there may be significant coverage gaps and confirms that the shared responsibility is not understood. Trend Micro Research has found that misconfigurations are the number one risk to cloud environments, which can happen when companies don’t know their part of the Shared Responsibility Model.
The surveyed organizations seem to be confident in their cybersecurity posture in the cloud, as:
· 51% claim the acceleration in cloud migration has increased their focus on security best practices
· 87% believe they are fully or mostly in control of securing their remote work environment
· 83% believe they will be fully or mostly in control of securing their future hybrid workplace
Despite this confidence, many respondents also admitted to experiencing security related challenges:
· 45% said that security is a “very significant” or “significant” barrier to cloud adoption
· Setting consistent policies (35%), patching (33%), and securing traffic flows (33%) were cited as the top three day-to-day operational headaches of protecting cloud workloads
· Data privacy (43%), staff training (37%) and compliance (36%) were reported as significant barriers in migrating to cloud-based security tools
“The good news is that by using smart, automated security tools, organizations can migrate to the cloud headache-free, ensuring the privacy and safety of their data and overcoming skills shortages as they do,” Nunnikhoven added.
Security solutions for cloud environments rated most important to responding organizations were network protection (28%), Cloud Security Posture Management (26%) and Cloud Access Security Broker (19%) tools.