Half of IT security pros identify data loss protection as No. 1 cloud security priority, says European survey

A new research report, Cybersecurity Trends 2017 Spotlight, exploring the latest cybersecurity trends and organisational investment priorities among companies in the UK, Benelux and Nordics, has been released by Alert Logic. The company is a provider of Security-as-a-Service solutions for the cloud.

Conducted among 317 security professionals, the survey indicates that while cloud adoption is on the rise, the top concern is how to secure data in the cloud and protect against data loss (48%). The next two biggest priorities for security professionals were threats to data privacy (43%) and regulatory compliance (39%).

The study also examined the top constraints faced by these organisations in securing cloud computing infrastructures. The study found that organisations lack internal security resources and expertise to cope with the growing demands of protecting data, systems and applications against increasingly sophisticated threats (42%). This is closely followed by a desire to reduce the cost of security (33%), moving to continuous 24×7 security coverage (29%), improving compliance (24%) and increasing the speed of response to incidents (20%).

Public cloud platform providers like Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform offer many security measures, but organisations are ultimately responsible for securing their own data and the applications running on those cloud platforms.

According to Verizon’s recent security report, attacks on web applications are now the No. 1 source of data enterprise breaches, up 300% since 2014. Similarly, the report found cybersecurity professionals – more than half of survey participants – to be most concerned about customer-facing web applications introducing security risk to their business (53%).

This is followed by mobile applications (48%), desktop applications (33%) and business applications such as ERP platforms (31%). Application related breaches have negative consequences and can lead to revenue loss, significant recovery expense, and damaged reputation.

“Web applications are the most significant source of breaches for organisations leveraging cloud and cloud hybrid computing infrastructures,” said Oliver Pinson-Roxburgh, EMEA director at Alert Logic. “They are complex, with a large attack surface that can be compromised at any layer of the application stack and often utilise open source and third-party development tools that can introduce vulnerabilities into an enterprise.”

Organisations can implement incentives to prevent gaps in the security policy of an application or to avoid vulnerabilities in the underlying system that are caused by flaws in the design, development, deployment, upgrade, maintenance or database of the application. Additionally, many businesses turn to cloud security vendors with a “products + services” strategy rather than technologies alone to fight web application attacks.

Businesses increasingly find that a combination of cloud-native security tools provided in combination with 24×7 security monitoring by security and compliance experts is the best way to secure their sensitive data – and the sensitive data of their customers – in the cloud.

“A multi-layer web application attack defence is the cornerstone of any effective cloud security solution and strategy,” said Pinson-Roxburgh.

Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus