Does cloud computing have a communication problem?

Confusion over responsibility is leading to cloud security weaknesses.
22 February 2019

Responsibility in the cloud is proving a challenge. Source: Shutterstock

As companies rapidly move their IT operations and data into the cloud, Oracle and KPMG’s Cloud Threat Report 2019 found that while progress is being made at steam, the ongoing transition is far from smooth sailing.

In the global survey of 450 cyber security and IT professionals from private and public sector organizations, the pair found a projected 3.5 times increase in the number of companies with more than half their data in the cloud from 2018 to 2020.

That’s because cloud services are no longer “nice-to-have tertiary elements of IT”, said the report, but are now serving as core functions essential to all aspects of business operations and well over two-thirds (71 percent) of companies say that their cloud data is sensitive— up from 50 percent last year.

As cloud computing becomes more central and the volume of sensitive data stored on it greater, however, IT stakeholders are becoming more nervous about their staffs’ handling of the technology— an issue compounded by confusion over responsibilities.

According to the report, 82 percent of cloud users have experienced security events due to confusion over the “shared responsibility model”. And while 91 percent have formal guidelines in place for cloud usage, 71 percent were confident these policies are being violated by employees, leading to instances of malware and data compromise.

In fact, 82 percent of cloud users claimed to have experienced security issues as a result of confusion over cloud shared responsibility models. That confusion doesn’t stop within the confines of the company, either; 90 percent of CISOs surveyed were confused about their role in securing Software as a Service (SaaS) versus the cloud service provider.

For those in the survey, detecting and reacting to threats was cited as the top security challenge among 38 percent, while just shy of a third (30 percent) said the inability of existing network security controls to provide visibility into cloud-resident server workloads was an obstacle.

“The world’s most important workloads are moving to the cloud, heightening the need for a coordinated, integrated and layered security strategy,” said Kyle York, Vice President of Product Strategy, Oracle Cloud Infrastructure.

For companies entering the cloud ecosystem, York recommended starting with a cloud platform built for security and utilizing artificial intelligence (AI) tools to automate the transfer and storage of data in the cloud safely.

As workforces become more mobile, however, and more devices and endpoints are added to the networks, automation tools are also in demand among 89 percent for network patching— ensuring all new endpoints are secure and existing ones are constantly up to date.