Connect with us

Hi, what are you looking for?

HEADLINES

70% of APAC enterprises falsely believe that cloud providers’ security is sufficient

“Organisations need to recognise that cloud security is a shared responsibility,” said Elaine Liew, regional vice president for cloud security, Asia-Pacific at Palo Alto Networks.

IMAGE FROM PIXABAY.COM

Palo Alto Networks released a report that uncovers the truth about the state of cloud security among large enterprises across Asia-Pacific, including many cases where perception doesn’t match the reality of professionals who know best.

Conducted by Ovum Research, the report shows that large enterprises, defined as those with more than 200 employees, are not prepared for cloud-related cybersecurity threats, and more importantly, make the assumption that public clouds are by default secure. In fact, 70 percent of security decision-makers in large enterprises believe that security provided by cloud providers is sufficient to protect them from cloud-based threats.

“Organisations need to recognise that cloud security is a shared responsibility,” said Elaine Liew, regional vice president for cloud security, Asia-Pacific at Palo Alto Networks. “While cloud providers are responsible for the security of their infrastructure, the onus is on companies themselves to secure their data and applications stored in that infrastructure.”

Large Organisations Have Many Security Tools, but Lack a Unified View of Security

Advertisement. Scroll to continue reading.

Among the companies surveyed, three out of five (59%) operate with more than 10 security tools within their infrastructure to secure their cloud. However, having numerous security tools creates a fragmented security posture, adding further complexity to managing security in the cloud, especially if the companies are operating in a multi-cloud environment.

The multi-cloud approach creates a dangerous lack of visibility that is prevalent in 64 percent of large organisations surveyed, according to Andrew Milroy, head of advisory services, Asia-Pacific, Ovum.

“The ubiquity of multi-cloud deployments in large organisations calls for a unified view of all cloud-native services. It is ideal for organisations to have a central console that uses technologies such as artificial intelligence to help prevent known and unknown malware threats, and quickly remediate accidental data exposure when it arises,” said Milroy.

Large Organisations Lack Cloud Security Audits and Training

The need for automation is further underscored by the study, which revealed that large enterprises do not have enough time and resources to dedicate to cloud security audits and training.

Advertisement. Scroll to continue reading.

76 percent of organisations have either never conducted a security audit or do not do it on a yearly basis. Furthermore, a quarter of audits do not even include cloud assets and 65 percent of organisations conduct internal audits only. Besides audits, there is also inadequate cloud security training for both IT and non-IT staff. About 57 percent of organisations do not provide cybersecurity training to IT security employees on a yearly basis. It is, therefore, not surprising that staff outside of IT departments receive even less training – 74 percent of non-IT professionals do not receive cybersecurity training on a yearly basis.

Despite organisations’ inability to provide more frequent audits and security training for IT teams and employees, it is encouraging to see that almost half (49%) of the organisations surveyed use threat intelligence and analytics to identify new threats and take necessary action. Some 19 percent of the organisations have also equipped themselves with real-time threat monitoring capabilities.

In order to be truly secure in cloud environments, it is pertinent for organisations in Asia-Pacific to be cognisant of cloud security best practices, which include:

  • Building security into the cloud environment from the get-go; security should be an enabler to accelerate cloud adoption.
  • Developing consistent security policies across all types of cloud deployments, which can be implemented properly through the help of tools that provide a unified view of all cloud assets and the threats they face.
  • Allowing for frictionless deployment and easy scalability in multi-cloud environments, bridging the gap between highly controlled security teams and highly agile development teams.
  • Increasing audits and training for employees, both IT and non-IT.
  • Automating threat intelligence with natively integrated, data-driven, analytics-based approaches (leveraging machine learning/artificial intelligence) to avoid human error.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

In rigorous evaluations conducted by prestigious cybersecurity testing organizations, Kaspersky Plus (starting in Q4 2024, Kaspersky Premium), Kaspersky Endpoint Security for Business (KESB), and...

HEADLINES

"Given the Philippines' high exposure to cyber threats, it's important for both individuals and businesses to stay vigilant," said Adrian Hia, Managing Director for...

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

Advertisement