According to new research from Thales, almost half (49%) of businesses believe cloud apps make them a target for cyberattacks.
Surveying 1,050 IT decision makers globally, Thales’ 2019 Access Management Index revealed that cloud applications (49%) are listed in the top three reasons an organisation might be attacked, just behind unprotected infrastructure such as IoT devices (54%) and web portals (50%).
With cloud applications now a crucial part of day-to-day business operations, the majority (97%) of IT leaders believe that cloud access management is necessary to continue their cloud adoption.
However, despite four in 10 (38%) organisations appointing a CISO due to concerns over data breaches in the past 12 months and 79% of IT decision makers stating that CISOs are responsible for selecting the solutions their company has in place, just one in 10 (14%) are given the final decision on cloud access management.
In fact, companies are more likely to put their faith in a traditional IT role, CIOs (48%) when dealing with this, suggesting a disconnection between the decision-making and implementation surrounding cloud security.
Tina Stewart, Vice President Market Strategy for Cloud Protection and Licensing Activity at Thales, said: “Thales protects our customers’ business by enabling them to securely access and use cloud applications. The 2019 Thales Access Management Index findings clearly show concerns surrounding cyberattacks when deploying cloud applications.
“Trusted access to the cloud is key to our customers’ Digital Transformation, but without adequate investment in a dedicated CISO office, organisations will lack the leadership required to implement the correct security strategy or solutions to keep them secure in the cloud.”
Breaches bringing changes
Positively, the growing awareness of consumer data breaches has led to organisations taking action; almost all (94%) have changed their security policies around access management in the last 12 months. What’s more, the biggest areas of changes have focused around: staff training on security and access management (52%); increasing spend on access management (45%) and access management becoming a board priority (44%).
Obstacles blocking access management
In spite of the updates to security policies, the majority of IT leaders (95%) believe ineffective cloud access management is still a concern for their organisation. In fact, their biggest concerns are its impact on security (48%), IT staffs’ time (44%) and on operational overheads and IT costs (43%). Worse, when it comes to implementing access management solutions, they cited costs (40%), human error (39%) and difficulty integrating them (36%) as the biggest obstacles.
When it comes to cloud solutions, three-quarters (75%) of organisations already rely on access management to secure their external users’ logins to online corporate resources. In particular, two-factor authentication is the most likely (58%) tool to be seen as effective at protecting cloud and web-based apps, followed by smart single sign-on (49%) and biometric authentication (47%).
Stewart concluded: “While organisations are getting to grips with access management solutions, IT and business decision makers must ensure they understand the risks to their cloud solutions in order to implement the relevant ones.
“These solutions must be perimeter-free, compatible with a zero-trust model and flexible and adaptive in order to make the most of the latest technologies such as Smart SSO. Without effective access management tools in place organisations face a higher risk of breaches, a lack of visibility and incur extra costs from poorly optimised cloud.”
Jason Hart, Cybersecurity expert at Thales, added: “It’s positive to see the UK ahead of its counterparts in using the right expertise in the right places. Giving CISOs the final decision on cloud access management is the most logical thing because they have the situational awareness to understand the risks facing the business and how to stop it more than anyone else. However, being ahead of the global average isn’t enough as a huge majority are still not giving the CISO or equivalent the final say, leaving most UK businesses exposed in the long run.”