Oracle Study: Data Security is keeping IT Pros awake at night

Oracle and KPMG Cloud Threat Report 2020: It’s Time to Build a Security-First Model

  • IT professionals are 3X more concerned about the security of company financials and intellectual property than their home security
  • 78 per cent of organizations use more than 50 discrete cybersecurity products to address security issues; 37 per cent use more than 100 cybersecurity products
  • Organizations that discovered misconfigured cloud services experienced 10 or more data loss incidents in the last year
  • Only 8 per cent of IT security executives state that they fully understand the cloud shared responsibility security model
  • 87 per cent of IT professionals see AI/ML capabilities as a “must-have” for new security purchases

Data security is keeping IT pros awake at night, according to the third-annual Oracle and KPMG Cloud Threat Report 2020. The global study of 750 cybersecurity and IT professionals found that a patchwork approach to data security, misconfigured services and confusion around new cloud security models have created a crisis of confidence.

The report recommends organizations make security part of the business culture.

Data security is creating fear and trust issues for IT professionals

The study found that IT professionals are more concerned about the security of their company’s data than the security of their own home.

  • IT professionals are 3X more concerned about the security of company financials and intellectual property than their home security.
  • 80 per cent of IT professionals are concerned that cloud service providers they do business with will become competitors in their core markets.
  • 75 per cent of IT professionals view the public cloud as more secure than their own data centres.
    • Yet 92 per cent of IT professionals do not trust that their organization is well prepared to secure public cloud services.
  • Nearly 80 per cent of IT professionals say that recent data breaches experienced by other businesses have increased their organization’s focus on securing data moving forward.

The Patchwork Problem

IT professionals are using a patchwork of different cybersecurity products to try to address data security concerns, but face an uphill battle as these systems are seldom configured correctly.

  • 78 per cent of organizations use more than 50 discrete cybersecurity products to address security issues; 37 per cent use more than 100 cybersecurity products.
  • Organizations that discovered misconfigured cloud services experienced 10 or more data loss incidents in the last year.
  • 59 per cent of organizations shared that employees with privileged cloud accounts have had those credentials compromised by a spear-phishing attack.

The most common types of misconfigurations are:

  • Over-privileged accounts (37 per cent)
  • Exposed web servers and other types of server workloads (35 per cent)
  • Lack of multi-factor authentication for access to key services (33 per cent)

The lift-and-shift of critical information to the cloud over the last couple of years has shown great promise, but the patchwork of security tools and processes has led to a steady cadence of costly misconfigurations and data leaks. Positive progress is being made, though

Steve Daheb, Senior Vice President, Oracle Cloud

New blind spots 

As the pace of cloud migration increases and enterprises move more business-critical workloads to the cloud than ever before, new blind spots have emerged as IT teams and cloud service providers work to understand their individual responsibilities in securing data.

This confusion has left IT security teams scrambling to address a growing threat landscape.

  • Nearly 90 per cent of companies are using software-as-a-service (SaaS) and 76 per cent are using infrastructure-as-a-service (IaaS) today; 50 per cent expect to move all their data to the cloud in the next two years.
  • Shared responsibility security models are causing confusion; only 8 per cent of IT security executives state that they fully understand the shared responsibility security model.
  • 70 per cent of IT professionals think too many specialized tools are required to secure their public cloud footprint.

Security-First Model

The report calls for a “Security First Model” to address increasing data security concerns and trust issues, stating that cloud service providers and IT teams need to work together to build a security-first culture.

This includes hiring, training, and retaining skilled IT security professionals, and constantly improving processes and technologies to help mitigate threats in an increasingly expanding digital world.

“Adopting tools that leverage intelligent automation to help close the skills gap is on the IT spend roadmap for the immediate future and the C-level is methodically unifying the different lines of business with a security-first culture in mind.”

  • 69 per cent of organizations report their CISO reactively responds and gets involved in public cloud projects only after a cybersecurity incident has occurred.
  • 73 per cent of organizations have or plan to hire a CISO with more cloud security skills.
  • 88 per cent of IT professionals feel that within the next three years, the majority of their cloud will use intelligent and automated patching and updating to improve security.
  • 87 per cent of IT professionals see AI/ML capabilities as a “must-have” for new security purchases in order to better protect against things like fraud, malware and misconfigurations.