Regulatory compliance violations are among the top three biggest Cloud Application Security challenges for organizations, according to the CyberEdge Group’s ‘2020 Cyberthreat Defense Report’. Equally concerning are ‘Limitations of cloud service provider’s security tools’, which come in joint second place with ‘Loss or theft of data and intellectual property’ as the top concern for organizations moving their applications to the cloud.
The Cyberthreat Defense Report, now in its seventh year, is a survey intended to provide deep insights into the minds of security professionals. It bases its findings on responses from qualified IT security professionals across a wide range of industries and geographies, and it has become a staple among IT practitioners for gauging what their IT security peers are thinking and doing. And while the survey was conducted in November 2019, before the COVID-19 pandemic took hold, the findings related to the perceptions and activities of IT security professionals in 2019 are valid.
As more and more organizations switch to cloud-hosted Software-as-a-Service (SaaS) applications, having the right security measures in place is paramount for making a confident transition. But as one of the top five takeaways from the report reveals, ‘the bad guys are more active than ever’. In 2019 the percentage of organizations affected by a successful cybersecurity attack jumped, for the first time in 3 years, from 78 to 80.7%, with more than a third of organizations experiencing six or more successful attacks.
A lack of skilled IT security personnel also continues to be a problem for organizations, with compliance auditors one of the specific areas where organizations are experiencing a shortage of skilled workers. This skills shortage is perceived as the greatest barrier to establishing effective defenses, along with low security awareness among employees. Respondents consider these barriers more serious than issues such as too much data to analyze, lack of management support and lack of budget.
Regulatory Compliance in the Cloud
Moving your applications to the public cloud does not guarantee security and by default cannot guarantee regulatory compliance. The ‘shared responsibility model’ offered by cloud service providers does not mean that the providers accept the risks associated with cloud adoption as their fault. On the contrary, the onus is on the organization to ensure data and applications are secure.
By the same token, when you transition to the cloud you do not transition responsibility for regulatory compliance. By migrating to the cloud, organizations can benefit from cloud services through greater efficiency, flexibility, and a lower cost of doing business. Even in multi-cloud and hybrid environments (where organizations combine their own and suppliers’ infrastructure), performance and cost benefits can be realized. But at a time when data protection regulations are tightening significantly, organizations need to ensure that the data and applications they have moved to a cloud environment still comply with stringent data and technology regulations. Privacy mandates such as GDPR, PCI-DSS and CCPA all still apply to cloud computing, and if your organization handles a lot of PII (personally identifiable information), moving to cloud computing could expose a compliance gap. If a breach occurs, it is the organization, not the cloud service provider, that must answer to the regulator, suffer reputational damage and pay the hefty penalty for the breach.
Imperva’s Cloud Data Security solution addresses this challenge by offering compliance by default, with pre-set security alerts and reporting capabilities driven by built-in artificial intelligence and machine learning.