Half of CISOs say their organization’s desire for growth and rapid digitalization is detrimental to data security in the cloud
Half of CISOs say their organization’s desire for growth and rapid digitalization is detrimental to data security in the cloud, according to Netwrix’s 2021 Cloud Data Security survey.
The top challenges to securing sensitive data in the cloud that were named by survey respondents were lack of IT staff (52%), insufficient budget (47%) and lack of cloud security expertise (44%). Employee negligence was cited by 38% of respondents, but just 17% chose malicious actions of insiders as an issue. This finding reflects reality, since only 10% of organizations reported data theft by employees.
These challenges are exacerbated by business demands for speedy digital transformation. Indeed, one in four respondents who work in an IT department said that executives put pressure on them to drive rapid digital transformation to the detriment of data security. This problem is especially critical for the CISOs who responded — 48% note that the organization’s desire for growth hinders efforts to ensure data security in the cloud.
In an effort to overcome cloud security challenges, the top data security controls being deployed in the cloud are encryption (62%), auditing of user activity (58%) and cloud backups (58%). Moreover, 62% of respondents have already removed sensitive data from the cloud or are planning to do so — 14% more than in last year’s study.
Other survey findings include:
- Half of enterprise organizations (1,000+ users) listed lack of cloud security knowledge as a cloud security challenge.
- 25% of organizations say that inconsistent tools and processes due to multiple workloads across different cloud platforms is a challenge to ensuring data security in the cloud.
- 48% of CIOs are concerned about insufficient IT staff and lack of cloud security expertise in their departments.
- Lack of budget is the top pain for 68% of CIOs.
Ilia Sotnikov, Security Strategist & VP of User Experience at Netwrix commented, “To overcome cloud security staff, budget and skills shortages, organizations should consider investing in easy-to-use and scalable solutions that help address data security risks in the cloud. This should include solutions that can automatically identify and reduce exposure of sensitive content, automate change and configuration auditing, flag potentially harmful activity, and enable rapid incident detection and response. The fact that IT leadership feels pressure from the business possibly highlights a lack of mutual understanding. CISOs and CIOs should accept that risk management is a business function, and help the C-suite fully understand risk levels and the business impact of technology decisions.”