Only 14% of enterprises say they can respond ‘effectively’ to security events

Oracle takes cloud market share

Only 14% of enterprises say they can respond “effectively” to security events, according to a new study. 

The changing threat landscape presents many new and complex challenges which businesses are finding difficult to deal with. Around 450 global IT professionals were questioned for the survey, which was conducted by Oracle and KPMG.

They say the results show that organisations are “struggling to protect their data amidst a growing number of security breaches”.

The Oracle and KPMG Cloud Threat Report, 2018 found that 90 per cent of information security professionals classify more than half of their cloud data as “sensitive”. Furthermore, 97% have defined cloud-approval policies.

However, the vast majority (82%) noted they are “concerned” about employees following these policies. For enterprises storing sensitive data in the cloud, an enhanced security strategy is key to monitoring and protecting that data.

The report found that around 40% of respondents indicated that detecting and responding to cloud security incidents is now their top cyber-security challenge.

As part of apparent efforts to address this challenge, four in 10 companies have hired dedicated cloud security architects, while 84% are committed to using more automation to effectively defend against sophisticated attackers.

Akshay Bhargava, vice president, cloud business group, Oracle, says: “As organisations expand their cloud footprint, traditional security measures are unable to keep up with the rapid growth of users, applications, data, and infrastructure. Autonomous security is critical when adopting more cloud services to easily deploy and manage integrated policies that span hybrid and multi-cloud environments.

“By using machine learning, artificial intelligence and orchestration, organisations can more quickly detect and respond to security threats, and protect their assets.”

Tony Buffomante, US leader of KPMG cyber-security services, says: “The pace of innovation and change in business strategies today necessitate flexible, cost-effective, cloud-based solutions.

“As many organisations migrate to cloud services, it is critical that their business and security objectives align, and that they establish rigorous controls of their own, versus solely relying on the cyber-security measures provided by the cloud vendor.”

Additional key findings and recommendations of the Oracle and KPMG report include:

  • Changing threat landscape poses challenges: Only 14% surveyed are able to effectively analyse and respond to the vast majority (75-100%) of their security event data.
  • Cyber-security spending on the rise: 89% surveyed expect their organisation to increase cyber-security investments in the next fiscal year.
  • Inconsistency in cloud policies: 26% cited a lack of unified policies across disparate infrastructure as a top challenge.
  • Rethinking cloud strategies and providers in the face of changing regulations: General Data Protection Regulation will impact cloud strategies and service provider choices, according to 95% of respondents who must comply.
  • Mobile users are creating identity and access management challenges organisations: 36% said mobile device and application use make IAM controls and monitoring more difficult.
  • Automation can help: 29% surveyed are using machine learning on a limited basis, 18% do so extensively, and another 24% are now adding machine learning to existing security tools.

Oracle and KPMG say the 450 cyber-security and IT professionals questioned for the report were from private and public-sector organisations in the US, Canada, Europe and Asia.