Cloud security is holding back more than four out of five organizations from adopting the latest technologies, according to a report released Tuesday by Gigamon.
Vanson Bourne surveyed 500 IT decision makers from organizations of various sizes in the U.S., U.K., Germany, and France during May to compile the report Hide and Seek: Cybersecurity in the Cloud (PDF). It shows almost three quarters of respondents (72 percent) have not scaled their monitoring and security infrastructure as their data volume has increased, and that over one-third (35 percent) intend to approach the security of their cloud networks the same way as their on-premise security operation.
This is despite the same decision makers reporting strong cloud adoption, as 37 percent say the majority of their organization’s application workloads are currently in the cloud, and 73 percent say the majority will be in the cloud within three years. Security concerns are also not holding back the storage of “crown jewels” in the cloud, such as corporate information (56 percent), and personally identifiable information (47 percent).
Almost half of organizations (43 percent) do not have full visibility into data on their network, according to the report. Factors reducing visibility appear to include data silos, with 78 percent agreeing data is most siloed between SecOps and NetOps, as well as hybrid environments, which 49 percent say prevent them from seeing where data is, and network blind spots, which 67 percent say are a major obstacle to data protection.
Among those who do not have full network visibility, half report they are missing information about threat identification, and just under half (48 percent) report they are missing information on what is being encrypted, and on insecure applications or traffic (47 percent).
While only 40 percent of respondents say security is a major concern when considering the adoption of new technologies, only 12 percent say their organization is not being held back from innovation by security concerns. Further, there is a significant split between countries, with those in Germany over twice as likely to cite security as a minor concern than a major one (60 percent to 28 percent), while those in the U.S. are more likely to consider it a major concern (47 percent) than a minor one (38 percent).
Cybersecurity spending is expected to rise by 36 percent over the next three years as these concerns are addressed, but 70 percent do not expect their security systems to be stronger.
With all of these visibility and security concerns, only 59 percent of those surveyed say their organization will be ready to comply with the general data protection rule (GDPR) by the May 2018 deadline. Research released by cybersecurity firm Guidance Software in May suggested that a quarter of business will not meet the GDPR deadline.
The report also explores perceptions of security operations centers (SOCs), use of cloud security frameworks and strategies, and preparations for GDPR.