A recent survey of 450 cyber security and IT professionals identifies shadow IT as the biggest challenge facing chief information security officers (CISOs). In the Oracle and KPMG Cloud Threat Report 2019, 93% of respondents say shadow IT continues to be a significant problem.
Half of those surveyed say a lack of security controls and misconfigurations that leave the enterprise vulnerable to fraud or data breaches were also a problem.
Shadow IT – a term used to designate the implementation of personal devices or cloud services and apps by employees without IT approval – causes major headaches for cyber security teams. Without knowledge of the devices or applications, there’s no way to ensure they are being monitored and secured within the enterprise protocols.
Shadow IT isn’t the only problem, though a full one-quarter of the survey participants identified it as their most pressing challenge in the area of cyber security.
There’s also confusion about responsibilities, with 90% reporting that they are confused about their role when it comes to managing Software as a Service (SaaS) and other managed services. And when determining who is responsible for securing the system, the numbers are staggering: 82% say their enterprise has experienced confusion over shared responsibility, resulting in a security event. 71% say employees don’t tend to adhere to formal cloud use policies, resulting in data breaches and malware infiltrations.
The Dominance of Cloud Solutions: Part of the growth of problems related to cyber security is the proliferation of cloud solutions. Adoption is widespread and cloud solutions are no longer new innovations that companies experiment with to see what they can do; a cloud environment is a strategy housing mission-critical workloads. Cloud services support core business functions.
Findings from the survey illustrate this point: the number of organizations with more than half of their data residing in the cloud will increase 3.5 times between 2018 and 2020. The majority of the data is considered sensitive in 71% of enterprises, compared to 50% of respondents the year before. While there are policies in place to protect this data, 92% of survey participants say that they have concerns about whether employees will be willing to follow those policies.
Automation to the Rescue: While 51% of respondents say patching causes a delay in their projects, 89% have an interest in utilizing automated patching. Enterprises are also accessing machine learning features to address broader cyber security threats, with 53% currently using the technology. 48% are using multifactor authentication to introduce a secondary authentication factor when any unusual behavior is detected.
Additional cyber security concerns include compromises in the supply chain – leading to malware infection – and the ability to effectively analyze security event data. Growing mobile and remote teams also introduce different risk and exposure elements, with CISOs concerned with edge-based security policies and tools.
For more information about developing effective shadow IT policies or to leverage the most effective tools for harnessing machine learning for cyber security, contact us at eXemplify. We can help you address your most pressing concerns through the latest technology while staying within your security budget.