Sam Humphries, Security Strategist at Exabeam explains why the seismic shift to remote working has left businesses fearing for the safety of their data.
The COVID-19 pandemic has forced many businesses to significantly alter the way they operate, on a timescale that wasn’t of their choosing. For a significant proportion, the almost overnight nature of this change posed major data security issues, particularly for those with little-or-no cloud security tools in place beforehand. But now, several months into distributed working, are businesses faring any better?
An Exabeam survey of UK security practitioners, conducted July 2020, has identified a number of key trends that have emerged over the months of lockdown. The research suggests that while adoption rates for cloud security tools have increased exponentially, not all businesses are completely comfortable with them yet.
This article will look at some of these key findings and assess the impact they are likely to have on the global business sector, both now and in the future.
Remote working and the cloud
The need to support a remote workforce is significantly accelerating cloud migration.
In light of recent events, it comes as no surprise that the primary driver behind growing cloud migration is the massive shift to remote working that many businesses have been forced to make. While nearly all respondents (98 percent) had already begun migrating to cloud-based security products before the start of 2020, a massive 88 percent admit that their plans have been accelerated by the growing need to support a remote workforce.
Under such a tight time-frame, it goes without saying that not all migration plans will have been thoroughly thought through, resulting in questionable strategies that could potentially leave data vulnerable to opportunistic or planned cyber-attacks.
Amidst such a seismic shift, major concerns continue to linger. With so many migration plans being brought forward so quickly, pre-existing misgivings about the safety of cloud security tools continue to linger, or even grow. 86 percent of respondents still feel the move is risky, with 47 percent considering it to be ‘high risk.’
This is despite 87 percent considering themselves to be ‘well-equipped’ to orchestrate cloud-based migration, suggesting that even those in a strong position to migrate are being kept awake at night by the prospect of actually doing it.
Specific concerns related to moving security products to the cloud include:
- data privacy (56 percent)
- data sovereignty (41 percent)
- unauthorised access (31 percent)
- integration with other tools (31 percent)
- data outages (29 percent)
This demonstrates that it isn’t just one area of concern that the cloud security industry needs to work on if it wants to improve business confidence going forward, but rather a whole host of them.
Rise in cloud security tools
Cloud security tools are now being used to protect more sensitive data versus pre-lockdown. Almost half of the businesses questioned (44 percent) are now using cloud-based security products to protect their corporate financial information. This is a significant increase compared to a similar pre-lockdown study conducted in March 2020, when only 12 percent of businesses were protecting corporate financial information this way.
Global events between the two studies suggest that the trend towards remote working has forced many more businesses to put such information in the cloud when perhaps they would have preferred not to.
This isn’t the only kind of sensitive information being protected in such a way either, a significant proportion are also protecting customer information (50 percent) and personnel/HR files (36 percent) as well. Given the wide range of lingering misgivings related to cloud security, it’s surprising to see so many businesses entrust their most sensitive data to it in this way.
Cloud app visibility
Organisations are working hard to improve cloud app visibility. A key pillar of cloud security is event visibility, which must extend into every virtual cloud and cloud service used by an organisation to be effective. As such, despite concerns remaining, it’s very encouraging to see that almost four in five (79 percent) respondents have either good or very good visibility into their cloud applications.
Furthermore, 84 percent of organisations have significantly improved efforts to ensure better visibility into cloud-based applications in recent months. In fact, just over one quarter of those questioned, 26 percent, now believe they have ‘very good visibility’ into cloud-based applications, hopefully laying the foundation for improved trust in the technology going forward.
2020 has proved to be a landmark year for all the wrong reasons thus far. Back in January, very few could have predicted where we’d be in the summer. While many businesses had already begun their migration to the cloud long before Coronavirus became part of the global vernacular, the speed and intensity of the pandemic has forced a rapid revision in project timetables.
In some cases, many months, or even years’ worth of work have been condensed into just a few days/weeks. As such, it’s only natural for lingering misgivings about the safety of the cloud to remain. However, with event visibility improving all the time, confidence in cloud security should continue to rise, and with remote working looking to be a fixture for the foreseeable future, it’s something every business will have to get accustomed to.
Samantha Humphries is Security Strategist at Exabeam. Samantha has 20 years of experience in cyber security, and during this time has held a plethora of roles, one of her favorite titles being Global Threat Response Manager, which definitely sounds more glamorous than it was in reality. She has defined strategy for multiple security products and technologies, helped hundreds of organizations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained anyone who’ll listen on security concepts and solutions. In her current regeneration, she’s thoroughly enjoying being a part of the global product marketing team at Exabeam, where she has responsibility for EMEA, plus anything that has “cloud” in the name.
Sam’s a go-to person for data compliance related questions and has to regularly remind people that she isn’t a lawyer, although if she had a time machine she probably would be. She authors articles for various security publications and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, Insider RIsk Summit, The Diana Initiative, and Blue Team Village (DEFCON).