Tuesday, 02 July 2019 11:36

Symantec finds over 50% of enterprises 'believe security can't keep up with cloud adoption'


Symantec has released its latest "Cloud Security Threat Report" which finds "cloud security exacerbated by immature security practices, overtaxed IT staff and risky end-user behaviour".

The latest Symantec 2019 Cloud Security Threat Report has revealed that enterprises are struggling to keep up with the rapid expansion of cloud within their businesses.

The company surveyed 1250 security decision-makers across the globe, with the report uncovering "insights on the shifting cloud security landscape, finding enterprises have reached a tipping point: more than half (53%) of all enterprise compute workload has been migrated to the cloud".

However, security practices are struggling to keep up – over half (54%) of enterprises indicate their organisation's cloud security maturity is not able to keep up with the rapid expansion of cloud apps.

Headline stats from the report (which is explored in more detail below) are as follows: 

  • Seventy-three percent of respondents experienced a security incident due to immature security practices;
  • Ninety-three percent report issues with keeping tabs on all cloud workloads;
  • Eighty-three percent feel they do not have processes in place to be effective in acting on cloud security incidents and 25% of cloud security alerts go unaddressed; and
  • Ninety-three percent say oversharing is a problem, estimating that more than a third of files in the cloud should not be there

Nico Popp, senior vice-president, Cloud & Information Protection, Symantec, said: "The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realise, given the troves of sensitive and business-critical data stored in the cloud.

"In fact, our research shows that 69% of organisations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud.

“Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. However, our 2019 CSTR shows it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behaviour surrounding cloud adoption.”

Security modernisation isn’t keeping pace with the cloud

Symantec notes that "companies are struggling to modernise their security practices at the same pace that they adopt cloud – 73% experienced a security incident due to immature practices. Lack of visibility into cloud workloads is the leading cause – an overwhelming majority of survey respondents (93%) report issues with keeping tabs on all cloud workloads".

For example, Symantec’s research found that "while companies est;imate they use 452 cloud apps on average, the actual number is nearly four times higher, at 1807.

"As a result of these immature practices, including poor configuration or failing to use encryption or multi-factor authentication (MFA), enterprises are facing an increased risk of insider threats – ranked by respondents as the third biggest threat to cloud infrastructure. CSTR data shows that 65% of organisations fail to implement MFA in IaaS configurations and 80% don’t use encryption."

Complexity is taking a toll

With cloud adoption introducing increased complexity in how IT is deployed – now across public cloud, private cloud, hybrid, on-prem – and where data needs to be secured, Symantec said: "IT teams are becoming overtaxed

"Given this, it’s not surprising that the CSTR revealed 25% of cloud security alerts go unaddressed. A majority (64%) of the security incidents occur at the cloud level, and more than half of respondents admit they can’t keep up with security incidents. What’s more, the future looks foggy – 83% feel they do not have processes in place to be effective in acting on cloud security incidents."

Risky behaviours run rampant

"One of the biggest challenges for security teams attempting to get a handle on the cloud is rampant risky user behaviour. According to CSTR respondents, nearly one in three employees exhibit risky behaviour in the cloud, and Symantec’s own data shows 85% are not using best security practices

"As a result of these risky behaviours, sensitive data is frequently stored improperly in the cloud, making enterprises more susceptible to breach; 93% of CSTR respondents say oversharing is a problem, estimating that more than a third of files in the cloud should not be there.

"Additionally, the cloud is not immune to the risky behaviour that plagued past technologies – respondents report users with weak passwords (37%) using poor password hygiene (34%), using unauthorised cloud apps (36%), and connecting with personal devices (35%) as common risky behaviour."

The way forward

"While the cloud has introduced new efficiencies and capabilities to the enterprise, the CSTR reveals that too many companies are not confronting the security risks that cloud adoption has introduced, including an increased risk of data breaches.

"Investment in cloud cyber security platforms that leverage automation and AI to supplement visibility and overtaxed human resources is a clear way to automate defences and enforce data governance principles. However, as the consequences of cyber security become increasingly impactful to business success, it is also time to recalibrate culture and adopt security best practices at a human level."

To learn more, Symantec has a free webinar entitled "2019 Cloud Security Threat Report: Understand the Latest Cloud Security Trends", which will air on July 26, 2019, at 3pm (register to see the correct date and time in your own timezone) which you can register for here.

The webinar will be hosted by Jim Reavis, co-founder and chief executive at Cloud Security Alliance, and Kevin Haley, director Security Technology and Response at Symantec, as they discuss key findings from the 2019 Cloud Security Threat Report, real world examples of security threats and whether the perception of cloud security matched up to the evolving cloud threat and emerging trends in cloud security that can help you respond to the evolving attack surface.

The company has also published a blog post entitled "Symantec’s Cloud Security Threat Report Shines a Light on the Cloud’s Real Risks" and the full report can be downloaded here after free registration

Here is the report's infographic:

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News