SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Businesses underutilising cloud security due to lack of education and training
Wed, 12th Aug 2020
FYI, this story is more than a year old

Demand is high for cloud security access brokers (CASB), but more training and clear goals are needed to ensure companies get full effectiveness of products.

This is according to the Cloud Security Alliance's (CSA) latest survey, commissioned by Proofpoint, The Evolution of the CASB.

The study queried more than 200 IT and security professionals from a variety of organisation sizes and locations, examined the expectations, technical implementations, and challenges of using cloud security access brokers (CASB).

The results show there are unrealised gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise, CSA states.

According to the report, while nearly 90% of the organisations surveyed are already using or researching the use of a CASB, half (50%) don't have the staffing to fully utilise cloud security solutions, which could be remediated by working with top CASB vendors.

In addition, more than 30% of respondents reported having to use multiple CASBs to meet their security needs and just over one-third (34%) find solution complexities an inhibitor in fully realising the potential of CASB solutions.

Overall, CASB's perform well for visibility and detecting behavior anomalies in the cloud but have yet to become practical as a tool for remediation or prevention.

Additionally, the report found that when it comes to utilising CASB's, of those surveyed 83% have security in the cloud as a top project for improvement, and 55% use their CASB to monitor user behaviors, while 53% use it to gain visibility into unauthorised access.

Furthermore, 38% of enterprises use their CASB for regulatory compliance while just 22% use it for internal compliance; and 55% of total respondents use multi-factor authentication that is provided by their identity provider as opposed to a standalone product in the cloud (20%).

Cloud Security Alliance lead author and research analyst Hillary Baron says, "CASB solutions have been underutilised on all the pillars but in particular on the compliance, data security, and threat protection capabilities within the service.

"It's clear that training and knowledge of how to use the products need to be made a priority if CASBs are to become effective as a service or solution."

Proofpoint vice president of product marketing Tim Choi says, "To overcome the gaps uncovered in this Cloud Security Alliance survey look for a solution that is part of a larger security portfolio and can effectively address the people-centric cloud security concerns on cloud account compromise, cloud data loss prevention, and cloud application compliance and visibility.

"It's critical that the journey starts with clear goals in mind and prioritised objectives. In addition, identifying CASB solutions that provide a deployment model that can be operationalised in hours, not weeks leads to faster time to value."