sb-nz logo
Story image

Businesses underutilising cloud security due to lack of education and training

Demand is high for cloud security access brokers (CASB), but more training and clear goals are needed to ensure companies get full effectiveness of products.

This is according to the Cloud Security Alliance’s (CSA) latest survey, commissioned by Proofpoint, The Evolution of the CASB.

The study queried more than 200 IT and security professionals from a variety of organisation sizes and locations, examined the expectations, technical implementations, and challenges of using cloud security access brokers (CASB).

The results show there are unrealised gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise, CSA states.

According to the report, while nearly 90% of the organisations surveyed are already using or researching the use of a CASB, half (50%) don’t have the staffing to fully utilise cloud security solutions, which could be remediated by working with top CASB vendors.

In addition, more than 30% of respondents reported having to use multiple CASBs to meet their security needs and just over one-third (34%) find solution complexities an inhibitor in fully realising the potential of CASB solutions.

Overall, CASB’s perform well for visibility and detecting behavior anomalies in the cloud but have yet to become practical as a tool for remediation or prevention.

Additionally, the report found that when it comes to utilising CASB’s, of those surveyed 83% have security in the cloud as a top project for improvement, and 55% use their CASB to monitor user behaviors, while 53% use it to gain visibility into unauthorised access.

Furthermore, 38% of enterprises use their CASB for regulatory compliance while just 22% use it for internal compliance; and 55% of total respondents use multi-factor authentication that is provided by their identity provider as opposed to a standalone product in the cloud (20%).

Cloud Security Alliance lead author and research analyst Hillary Baron says, "CASB solutions have been underutilised on all the pillars but in particular on the compliance, data security, and threat protection capabilities within the service.

"It’s clear that training and knowledge of how to use the products need to be made a priority if CASBs are to become effective as a service or solution."

Proofpoint vice president of product marketing Tim Choi says, "To overcome the gaps uncovered in this Cloud Security Alliance survey look for a solution that is part of a larger security portfolio and can effectively address the people-centric cloud security concerns on cloud account compromise, cloud data loss prevention, and cloud application compliance and visibility.

"It’s critical that the journey starts with clear goals in mind and prioritised objectives. In addition, identifying CASB solutions that provide a deployment model that can be operationalised in hours, not weeks leads to faster time to value."

Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Link image
What's new in Genetec Security Center 5.9
The platform supports physical security that empowers organisations with greater situational awareness.More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More