Cracks in the Cloud: The Next Frontier for Cybercrime

Singapore ranks the lowest in terms of using both encryption and tokenization to secure their cloud data.

Symantec (Nasdaq: SYMC), the global leader in cyber security, today released findings from the new Symantec cloud security survey which reveals the state of enterprise data security. The advantages of cloud computing — scalability, speed to market, lower costs and higher productivity — are well known throughout most industries. But for cyber criminals, this new, borderless infrastructure is a potential goldmine.

Survey findings reveal that cloud security is a top concern for chief information security officers (CISOs) in Singapore and are taking measures to improve security in 2017. Covering 1,100 CISOs across 11 global markets, the report reveals that companies in Singapore currently ranks the lowest in terms of using both encryption and tokenization to secure their cloud data.

A widening scope for cloud-based attacks
 The survey shows the extent to which cloud security is keeping CISOs in Singapore awake at night. Tellingly, almost all (90%) believe that ensuring cloud applications meet compliance regulations is one of the most stressful aspects of their job.

The industry compliance issues that they find most worrying include the governance of corporate-owned mobile devices (23%), and broad sharing of compliance-controlled data in cloud applications (21%).

Other concerns include the broad sharing of employee use of unsanctioned cloud applications (20%), tracking of activities in sanctioned cloud applications (19%), and keeping on top of country and region-specific data residency and control regulations (17%).

The widespread adoption of cloud applications, coupled with risky user behavior that corporations may not even be aware of, is further widening the scope for cloud-based attacks. Singapore CISOs estimate that, on average, 32% of cloud-based applications used at their company are unsanctioned, or ‘shadow apps’. The vast majority (77%) also believe that their Chief Executive Officer has probably broken internal security protocols at some point — either intentionally or unintentionally.

A need for end-to-end solutions
 As enterprises become more reliant on the cloud to improve collaboration and flexibility, it’s becoming increasingly difficult for CISOs to keep track of and secure sensitive company data, let alone maintain compliance with regulatory requirements. To bolster information security as their organization’s data flows between on-premises systems, mobile applications and cloud services, 97% of CISOs in Singapore plan to increase spending on IT staff security training on average by 25% this year. This is a significantly higher average increase than overall CISOs surveyed which stood at 20%. On average, new IT employees will undergo 16 hours of security training during their onboarding process in 2017.

The need for data security, compliance, and residency is also driving Singapore CISOs to look for encryption and/or tokenization solutions to support their Software as a Service (SaaS) initiatives. Symantec’s survey reveals that while 94% of CISOs in Singapore believe tokenization of cloud data is the best way to meet data residency and control regulations, only 59% use tokenization methods. Instead, 78% use encryption to secure their cloud data. Further, less than half (37%) use both encryption and tokenization — the fewest among all the countries surveyed.

Despite such measures, security challenges remain. Cybercriminal groups are opportunistic in the way they operate, using flaws in legitimate operating systems, tools, and cloud services to compromise networks. To effectively counter such behaviors, CISOs require unparalleled visibility and control over sensitive content that users upload, store and share via the cloud. Rather than relying on one-off fixes and reactive patches to protect confidential information, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions.

Addressing cloud security through a holistic approach
 Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. To ensure success, organizations require a new model of integrated security which provides stronger protection, greater visibility and better control of critical assets, users, and data.

Addressing cloud security holistically creates operational efficiencies and allows Singapore CISOs to take full advantage of the cloud. This approach guarantees their critical information is secure and protected, giving them the peace of mind they need to lead their companies in the data-driven era.

Originally published at The Neo Dimension.