SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Data leakage concerns dominate cloud security perceptions - Bitglass report
Thu, 26th Nov 2020
FYI, this story is more than a year old

How secure is the public cloud? That's what many IT and security professionals are asking as data leakage becomes a pressing concern for organisations and their data protection strategies.

The Bitglass 2020 Cloud Security report revealed that 93% of surveyed IT and security professionals were ‘moderately to extremely concerned' about public cloud security, and many are struggling to get their heads around it.

According to the report, 45% of respondents believe that public cloud apps and software as a service (SaaS) provide similar levels of security to on-premise applications, while 27% believe cloud apps are less secure, and 28% believe they are more secure.

66% of respondents name data leakage as their top cloud security concern, while 63% name data privacy as a major concern, followed by accidental credential exposure (43%),  legal and regulatory compliance (42%), and incident response (42%).

Bitglass implied that one solution could be cloud data loss prevention (DLP) tools, however, a mere 31% actually use such tools.

Tools commonly deployed include access control (68%), antivirus, anti-malware and advanced threat protection (54%), multifactor authentication (47%), data encryption (45%) and firewalls or network access control (44%).

Other issues stem from the lack of ability to maintain visibility into the following areas: cross-app anomalous activity (81%), access to unmanaged apps (66%), external sharing (55%), DLP policy violations (50%), file uploads (50%), file downloads (45%), and user logins (28%).

“This does not bode well for the average enterprise's cloud security posture. Additionally, 81% of companies cannot identify cross-application anomalous activity, something which will continue to grow in importance as organisations increasingly expand their cloud footprints,” the report states.

While 82% of respondents acknowledge that legacy tools aren't the best choice for cloud environments, 79% say it would be helpful to use a consolidated security platform.

“To address modern cloud security needs, organisations should leverage multi-faceted security platforms that are capable of providing comprehensive and consistent security for any interaction between any device, app, web destination, on-premises resource, or infrastructure,” explains Bitglass CTO Anurag Kahol.

The report suggests that security platforms should provide:

  • Identity management capabilities like single sign-on and multifactor authentication that can verify users' identities anywhere
  • Data loss prevention functionality designed to prevent leakage across the cloud, the web, and on premises 
  • Advanced threat protection that leverages behaviour-based protections to scan for threats at upload, at download, and at rest 
  • An agentless option for securing personal devices that respects end-user privacy while enforcing granular, intelligent protections.