Survey Reveals Why Cloud Security Risks Are Justified


Common cloud security mistakes such as misconfigurations and improper credential management are often blamed for data leakages in the cloud. But a new report from Bitglass finds that the benefits of cloud computing can’t be fully realized if organizations continue to rely on legacy technologies to secure cloud infrastructure.

One thing is evidently clear this year — organizations rushed head-first into the cloud without fully understanding the security implications. A Bitglass surveyed confirmed that organizations don’t have a solid grip when it comes to securing their cloud infrastructure.

The pandemic inspired companies of all sizes to speed up cloud adoption to drive digital transformation projects. But as Bitglass CTO Anurag KaholOpens a new window puts it, it also created significant complexity.

The study mirrors a consistent trend in cloud computing — rising cloud security concerns and how to get cloud security right. The reportOpens a new window found that 73% of respondents are very/extremely concerned about the security of the public cloud, while 20% are moderately concerned.

When it comes to protecting data in the cloud, organizations continue to rely on legacy technologies for on-premise infrastructure. For instance, 44% still use firewalls, 36% use network encryption, and 26% use network monitoring tools to secure their cloud infrastructure.

“As data moves off-premises and beyond the reach of conventional tools like firewalls, the enterprise needs to think differently to identify how best to secure it,” KaholOpens a new window told Toolbox.

See Also: Why Organizations Need to Talk About Cloud Security: Bitglass CTO

Currently, the  security capabilities deployed by respondents are:

Security Capability

Used By (%) Security Capability Used By (%)
Access Control 68% Data Loss Prevention


Anti-Virus / Anti-Malware / ATP

54% Configuration and Vulnerability Management 30%
Multi-Factor Authentication (MFA) 47% Security Information and Event Management (SIEM)


Data Encryption

45% Cloud Access Security Broker (CASB) 29%
Single Sign-On (SSO) 44% Network Monitoring


Endpoint Security Controls

37% Intrusion Detection and Prevention 25%
Firewalls / NAC 36% Application-specific Protections (WAF)


Network Encryption / VPN

35% Content Filtering / SWG 20%
Log Management And Analytics 32% – –


What’s more, safeguards against data loss prevention (DLP) are implemented by only 31% even though it is the biggest cloud security concern. Meanwhile, SIEM, which can mitigate incident response concerns, is implemented by only 29% of respondents.

Additionally, respondents also lack visibility in: unmanaged apps (66%), external sharing (55%), DLP policy violations (50%), file uploads (50%), file downloads (45%), user logins (28%).

Moreover, the use of multiple fragmented security solutions, which may involve multiple dashboards, also make the security process cumbersome.

Bitglass found that 48% of respondents use three or more dashboards.

See Also: Positioning Yourself for a SASE Future

Kahol highlighted the importance of next-gen security tools like secure access service edge (SASE) to address the above pain points. “Implementing a SASE architecture means replacing multiple point products that provide disparate levels of protection and have to be managed individually. SASE provides the comprehensive security needed for a remote workforce in a cloud-first world,” he said.

It can also integrate with technologies like secure web gateways (SWGs), CASBs, and zero trust network access (ZTNA).

GartnerOpens a new window estimates that 40% of companies would adopt SASE by 2024.

Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!