SINGAPORE - Immature security practices, overtaxed IT staff and risky end-user behaviour by employees surrounding cloud adoption are threatening cloud security at companies worldwide, according to a study by US-headquartered cyber-security firm Symantec.
In Singapore, almost two-thirds (63 per cent) of companies believe that their cyber-security practices are not able to mature quickly enough to keep up with the rapid expansion of cloud applications, Symantec said in a press statement on Tuesday (June 25).
This is despite half (51 per cent) of their workloads having been shifted to the cloud.
"The adoption of new technology has almost always led to gaps in security, but we've found the gap created by cloud computing poses a greater risk than we realise, given the troves of sensitive business-critical data stored in the cloud," said Nico Popp, senior vice-president for cloud and information protection at Symantec.
In fact, three out of four companies in Singapore said they have seen either direct or likely evidence that their data has already been put on the Dark Web for sale.
Globally, organisations "fear an increased risk of data breaches due to their move to cloud", Mr Popp said.
While data breaches can have a clear impact on enterprises' bottom line, it is not the underlying cloud technology that has worsened this problem, but the immature security practices.
IT teams are also becoming overtaxed, as there is increasing complexity in how IT is deployed and where data needs to be secured due to cloud adoption. This is seen as one-quarter of cloud security alerts go unaddressed in Singapore, with firms finding it difficult to keep pace with their security incidents.
"What's more, the future looks foggy, as 83 per cent of global respondents say they do not have processes in place to be effective in acting on cloud security incidents," Symantec said on Tuesday.
The lack of visibility into cloud workloads is a main cause of immature security practices. An overwhelming majority (93 per cent) of respondents worldwide said they had trouble keeping tabs on all their cloud workloads. Although companies estimated that they use 452 cloud apps on average, the actual number is nearly quadruple that, at 1,807.
Other immature security practices include poor configuration and failing to use encryption or multi-factor authentication.
"As a result of these immature practices, enterprises are facing an increased risk of insider threats," Symantec said.
Employees exhibiting risky behaviours in the cloud is a major challenge for security teams.
These behaviours may include storing sensitive data improperly in the cloud. About 93 per cent of global respondents said that oversharing is another problem, estimating that more than a third of their files in the cloud should not be there.
Symantec surveyed 1,250 security decision-makers in 11 countries, including Singapore, Australia and Japan, to compile the findings in its Cloud Security Threat Report.