Businesses Struggle to Protect Sensitive Cloud Data According to New Oracle and KPMG Cloud Threat Report
Oracle and KPMG Cloud Threat Report
Despite defined security policies, 8 in 10 organizations worry about employee compliance and 4 in 10 say detecting and responding to cloud security incidents is a top cyber security challenge
In a recent survey of 450 global IT professionals conducted by Oracle (NYSE: ORCL) and KPMG LLP, results show that organizations are struggling to protect their data amidst a growing number of security breaches. The Oracle and KPMG Cloud Threat Report, 2018 found that 90 percent of information security professionals classify more than half of their cloud data as sensitive. Furthermore, 97 percent have defined cloud-approval policies, however, the vast majority (82 percent) noted they are concerned about employees following these policies.
For enterprises storing sensitive data in the cloud, an enhanced security strategy is key to monitoring and protecting that data. In fact, 40 percent of respondents indicate that detecting and responding to cloud security incidents is now their top cyber security challenge. As part of apparent efforts to address this challenge, 4 in 10 companies have hired dedicated cloud security architects, while 84 percent are committed to using more automation to effectively defend against sophisticated attackers.
“As organizations expand their cloud footprint, traditional security measures are unable to keep up with the rapid growth of users, applications, data, and infrastructure,” said Akshay Bhargava, vice president, Cloud Business Group, Oracle. “Autonomous security is critical when adopting more cloud services to easily deploy and manage integrated policies that span hybrid and multi-cloud environments. By using machine learning, artificial intelligence and orchestration, organizations can more quickly detect and respond to security threats, and protect their assets.”
“The pace of innovation and change in business strategies today necessitate flexible, cost-effective, cloud-based solutions,” said Tony Buffomante, U.S. Leader of KPMG LLP’s Cyber Security Services. “As many organizations migrate to cloud services, it is critical that their business and security objectives align, and that they establish rigorous controls of their own, versus solely relying on the cyber security measures provided by the cloud vendor.”
Additional Key Findings:
- Changing threat landscape poses challenges: Only 14 percent surveyed are able to effectively analyze and respond to the vast majority (75-100 percent) of their security event data.
- Cyber security spending on the rise: 89 percent surveyed expect their organization to increase cyber security investments in the next fiscal year.
- Inconsistency in cloud policies: 26 percent cited a lack of unified policies across disparate infrastructure as a top challenge.
- Rethinking cloud strategies and providers in the face of changing regulations: General Data Protection Regulation (GDPR) will impact cloud strategies and service provider choices, according to 95 percent of respondents who must comply.
- Mobile users are creating identity and access management (IAM) challenges organizations: 36 percent said mobile device and application use make IAM controls and monitoring more difficult.
- Automation can help: 29 percent surveyed are using machine learning on a limited basis, 18 percent do so extensively, and another 24 percent are now adding machine learning to existing security tools.
About the Report
The data in the Oracle and KPMG Cloud Threat Report, 2018 is based on a survey of 450 cyber security and IT professionals from private and public-sector organizations in North America (United States and Canada), Western Europe (United Kingdom), and Asia (Australia, Singapore).
Learn more about KPMG Cyber Security Services
© 2022 KPMG. KPMG Audit LLC, KPMG Tax and Advisory LLC and KPMG Valuation LLC, companies incorporated under the Laws of the Republic of Kazakhstan, member firms of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.