Photo: iStock (iStockphoto)
Photo: iStock (iStockphoto)

72% company heads in India feel cloud security sufficient: Report

Among those that have deployed security solutions lack of unified view and proper management is a key issue

The notion that public cloud networks are secure by default and that no additional layer of security deployment is required on the part of the companies is widely prevalent among IT decision makers. A joint study by cybersecurity company Palo Alto Networks and Ovum Research shows that 72% of cybersecurity decision-makers in large enterprises in India with over 200 employees feel that security provided by cloud service providers is adequate against cloud-based threats.

Among those that have deployed security solutions lack of unified view and proper management is a key issue. Around 47% of the companies surveyed In India use over 10 security tools within their cloud infrastructure.

"Using numerous security tools creates a fragmented security posture, adding further complexity to managing security in the cloud, especially if the companies are operating in a multi-cloud environment," Andrew Milroy, head of advisory services, Asia-Pacific, Ovum said in a press statement.

Milroy notes such companies can benefit from centralised consoles that provide a holistic view of all cloud native solutions and use some form of AI (artificial intelligence) to track known and unknown malware threats.

Interestingly, 46% of Indian companies are using some form of threat intelligence tools to identify new threats.

The report also sheds light on the indifferent attitude of Indian companies towards security audits.

The fact that 63% of Indian organisations do not conduct annual security audits reflects that. Among those who conducted such audits, 57% do it on their own without involving a security company, while 19% do not bother to include their cloud assets in the auditing process at all.

Lack of awareness among non IT workforce and training among IT staff is another area that has been overlooked. Around 55% of companies do not conduct annual training sessions with their IT employees.

Though the Palo Alto and Ovum report focuses on Indian companies, poor attitude towards cloud security is a global problem.

According to Symantec's Cloud Security Threat Report for 2019 which surveyed 1,250 global security decision makers,

85% of its cloud infrastructure customers are not following the best security practices recommended by the Center for Internet Security (CIS). Further, 65% of the companies are not using multi-factor authentication on IaaS (infrastructure as a service) and 28% of the employees are involved in high risk behaviour.

As Anil Bhasin, regional VPl, India and SAARC, Palo Alto Networks, points out, organisations need to recognise that cloud security is a shared responsibility.

Organisations need to be more actively involved when it comes to securing their cloud infrastructure.