Zinopy’s recent cloud security research found that 91% of Irish businesses either had a cloud development strategy or is currently putting one in place. Here is the second part summarising the survey highlights. Read part 1 HERE.
The three most used security measures to protect sensitive data and control access to the cloud were multi-factor authentication, anti-malware and encryption. The remainder (in order) were:
- Network access controls
- Log and event management (SIEM)
- Vulnerability scanning
- Application control (application whitelisting)
- Identity and access management (IDM/IAM)
- Forensics and incident response
- DLP (host- or network-based)
- Cloud encryption gateways and/or cloud access security brokers (CASBs)
On a similar note, IAM is the most used security control to protect applications in the cloud, with malware detection, encryption and log and event management (SIEM) following closely.
What type of cloud?
It seems that most of us are using a hybrid or multi cloud strategy (59.7%). This of course makes sense, because not everything needs to be in the cloud. There are many good reasons why systems shouldn’t be moved. None more important than a bespoke application critical to business operations where moving it would carry too great a risk. Also, sometimes applications have a physical onsite dependency.
84.5% said the most common application used in the cloud is - no great surprise – business applications. Most likely Microsoft Office 365 and similar. After this came Backup as a Service and storage/data archiving with Disaster Recovery coming in fourth. Again, this all logical because these are the easiest applications to move to the cloud. Not just that, they make more sense in the cloud than on-premises.
Further to that, the foremost concern for organisations regarding the use of business applications in the public cloud was unauthorised access to sensitive data by others such as cloud tenants, cloud provider personnel or third parties.
As we always say here in Zinopy, (and to quote Misha Glenny, cyber security journalist):
“There are two types of companies, those that have been hacked and those who don’t know they’ve been hacked.”
Prevention is always better than the cure. Talk to us to learn more about the tools needed to defend your organisation from cyber attacks.
Download the survey results here.