According to Centrify, over half (58%) of UK businesses still aren’t utilising the cloud due to security concerns, but why doesn’t that figure seem to be shifting?
The research, conducted by independent polling agency Censuswide via a survey of 200 business decision makers in large- and medium-sized enterprises in the UK, also revealed that over one-third (35%) of the organisations who have adopted cloud are less than 80% confident that it is completely secure.
When questioned about security weaknesses in their companies, 45% of decision makers agreed that it is the increasing amount of machine identities and service accounts, such as those used by servers and applications, that are becoming the largest exposure point for their organisation.
Interestingly, the findings also revealed that more than one in four (28%) companies have already been targeted by a cloud hacking attempt since the start of the Covid-19 pandemic in early 2020, with more Covid related attacks still predicted to be on the horizon.
Most worryingly, despite continued requirements on enterprises for digital transformation and rapid innovation, almost one-third (31%) of business decision makers admitted that their development teams are more interested in getting around security than building it into the DevOps pipeline, posing a potentially grim cybersecurity outlook for 2021.
Kamel Heus, VP EMEA for Centrify commented, “Adapting to the Covid-19 pandemic has been a bumpy ride for many businesses and, in most cases, companies have had to adopt the public cloud in at least some capacity due to the level of scalability, availability, and efficiency it provides for distributed workforces.”
“Whilst the common misperception is that cloud security is quite different to that of on-premises infrastructure, it is by no means less secure if common security protocols are followed, and security controls are applied.”
“One core challenge posed by digital transformation is accurately verifying human and machine identities before granting access to systems, applications, and other high-value targets.
“Therefore, adopting cloud-ready privileged access management software is essential in protecting access to workloads in the public cloud, by granting access only when a requestor’s identity has been properly authenticated.”
Cloud providers have a responsibility to ensure, particularly as technology advances, to make their customers aware of how best to secure their cloud platforms. With skills shortages due to a lack of training and upskilling common place among IT departments, how they are expected to know what they’re doing is anybody’s guess.
Despite organisations being unable to decide who is responsible for cloud security in the first place, it’s probably time they decided sharpish to avoid a cybersecurity Armageddon – coming soon to a network near you.