Cloud security solutions and skills are still nascent a new assessment shows that 44% of organizations do NOT have security proficiency to address requirements.
Cybercriminal activity is rampant! Ranging from nation state attacks to credit card fraud, sophisticated mobile attacks, fraudulent payment schemes and much more. Realizing that Cloud security solutions must be deployed is taking time.
There were also very public incidents of data breaches hitting various companies and that raises serious questions and concerns over responsible Cloud security solutions. Still, IT clouds will continue to be a vital engine of digital transformation, and realizing this issue is critical to Enterprises, Governments, and businesses everywhere. There is a challenge to data security when data is stored in the cloud.
BT and Cisco initiated a research with IDC to conduct an AMEA Security Proficiency Assessment which reviewed large multinational corporations in 14 markets to evaluate their cybersecurity proficiency levels, use of advanced security technologies, cloud adoption, and readiness in addressing the security challenges posed by cloud.
Cloud security solutions in Enterprise
This IDC Research found that 44% of organizations do not have the security proficiency to address the range of requirements needed to make integrated risk-based decisions and enable optimization controls in the right place – and this is hindering the adoption of cloud and their digital transformation. In addition, organizations in the Asia Pacific (ex-Japan) region languish behind the US and EMEA, with only 45.5% of those surveyed operating at the basic ad hoc level of security proficiency.
This lack of Cloud security solutions proficiency is particularly worrying given the increasing incidence of cyber crime.
An interesting point is that there is also a strong correlation between an organization’s security proficiency level and their digital transformation maturity. A KPMG report found that 73% of directors responsible for IT, resilience and operations at major global companies saw digital security as a board-level agenda item, but only 22% said they were fully prepared to combat security breaches.
A proficient security program has a complex interplay of technology, processes, and people, governed by risk management capabilities and driven by a strategy that enables the organization to safely make the digital transformation. It’s complicated and expensive.
According to IDC, a successful cloud security solution in enterprise depends on a multi-pronged approached guided by a strategy that focuses not just on security, technology, and compliance, but also on people, processes, and economics.
IDC Security Proficiency Rankings
|Basic||a basic IT security program, addresses issues as they arise (57.8% of respondents)|
|Proficient||a formal IT security program with moderate attention paid to security by C-level|
|Highly Proficient||a broad IT security program encompassing full compliance, which evaluates needs using quantitative cost justification requirements and which has the close attention of C-level|
|Optimized||a well-defined IT security program for full compliance and advanced security, which is also closely aligned with business objectives. C-level includes security executives at Board level that examine technology-related risks.|
Cloud Security Solutions are still a big challenge for Asia-Pacific companies
Security as a Service was the top-rated advanced security technology. The majority of companies have adopted or are planning to adopt it in the next 12 months.
Only 18% of organizations adopt a “cloud-first” sourcing model. By the end of 2016, 40% are adopting a cloud-first model.
Significantly, 17.8% of respondents believed cloud services adoption posed more security challenges than benefits.
Having an effective, proficient cybersecurity program is absolutely critical for creating differentiated and innovative organizations and enabling the digital transformation journey. Companies that take pragmatic, risk-based steps to sensible cloud adoption, with the relevant cloud security solutions will be the first to benefit.