Post on 17-Jun-2020
2019 Cloud Security Report
As organizations migrate more and more of their data and operations to the cloud, they must
ensure that they maintain a robust cybersecurity posture. However, frequent breaches in the
news seem to suggest that many companies are not prioritizing security to the degree that
they should. To uncover the state of enterprise security in the cloud, Bitglass partnered with a
leading cybersecurity community and surveyed IT professionals.
1. Securing major apps in use
2. Reaching regulatory compliance
3. defending against malware
4. discovering unmanaged apps
5. securing mobile devices
6. preventing cloud misconfigurations
Awe some m i x vol . 1
1. Defending against malware
2. Reaching regulatory compliance
3. Securing major apps in use
4. preventing cloud misconfigurations
5. securing mobile devices
6. discovering unmanaged apps
2 0 1 92 0 1 8
Organizations’ leading cloud priorities have shifted over the past year. While defending against malware has ascended to the
top spot, discovering unmanaged apps in use has fallen to number six. Despite a change in their order, the top three priorities
from 2018 are each still in the top three in 2019. Finally, it is concerning that securing mobile devices isn’t a higher priority in
light of recent Bitglass research which found that 85% of companies now enable bring your own device (BYOD).
Awesome Mix 2019
67% of respondents believe cloud apps are as secure or more secure than on-premises apps—this is significantly
higher than the 40% recorded in 2015. Despite this, 93% of respondents are at least moderately concerned about
the security of the cloud. In other words, organizations know the cloud itself is highly safe, but are wrestling with
their responsibility to use it securely.
How concerned are you about the security of the cloud:
When compared to on-prem apps, public cloud apps are:
Security in the Skies
32%
35%
33%Not Concerned
Slightly Concerned
Moderately Concerned
Very Concerned
Extremely Concerned
4%
18%
37%
38%
3%
0
10
20
30
40
50
60
70
80
Custom
er Dat
a
Emplo
yee D
ata
DevOps D
ata
Sales &
Mark
eting D
ata
Contract
s & In
voice
s
Corpora
te F
inancia
l Dat
a
Inte
llect
ual Pro
perty
Health
Info
rmat
ion
Other
5%
18%
24%
30%33%
38%38%42%
45%
63%
Organizations are moving workloads and data into the cloud, granting them greater productivity and flexibility, but
increasing the likelihood of data leakage where proper security is not employed. As 45% of respondents store customer
data in the cloud, 42% store employee data in the cloud, and 24% store intellectual property in the cloud, adopting the
appropriate security measures is clearly critical.
A Galaxy in Need of Saving
What type of corporate data do you store in the cloud?
Access
Contro
l
Anti-M
alware
Encryp
tion
Firewalls
/ NAC
Singl
e Sign
-On
MFA
Endpoint S
ecurit
y
App-Specifi
c Pro
tect
ion
Data Loss
Pre
ventio
n
Log Manag
ement
Behavio
ral T
hreat
Dete
ctio
n
0
10
20
30
40
50
60
52%
46%
34%
30%26% 25%
22% 22% 20% 19% 18%
Weapons Systems
Access control (52%) and anti-malware (46%) are the most-used cloud security capabilities. However, these and others—like single
sign-on (26%) and data loss prevention (20%)—are still not deployed often enough. Additionally, as 66% of respondents said that
traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security solutions becomes
even more critical. Fortunately, cloud access security brokers (CASBs) can provide many of these essential capabilities.
What security capabilities have you deployed in the cloud?
Despite a slight increase since last year, a mere 20% of organizations have visibility over cross-app anomalous
behavior. This is a critical requirement as only 25% of survey respondents are “single cloud” today. Unfortunately,
corporate visibility over every other category decreased since 2018. This may be due to the growing number of cloud
apps and personal devices over which IT struggles to gain visibility.
While the high percentage of organizations that have visibility into user logins (69%) suggests that the first step of
cloud security (identity management) has been taken, many organizations still lack visibility and control over what
happens after authentication.
Knowhere Your Data is Going
User Logins
DLP Policy Violations
File Uploads
Cross-App Anomalous
Behavior
File Downloads
Shadow IT Usage
External Sharing
0 20% 40% 60% 80%80% 60% 40% 20% 0
2019 2018
69% 78%
57% 58%
55% 56%
40% 44%
38% 46%
35% No Data
20% 15%
What do you have visibility into in the cloud?
Holes in the Hull
Since 2018, malware has emerged as the most concerning data leakage vector; it was selected by 27% of
respondents. Conversely, unsanctioned cloud apps falling from 12% to 5% shows that organizations are becoming
aware that there are data leakage threats greater than shadow IT.
Concerns about app infrastructure fell from 21% in 2018 to 9% in 2019. At the same time, misconfigurations
ascended from the middle of the pack (12%) to third place (20%). These stats highlight the growing awareness that
the cloud itself is highly secure, but that organizations must use it in a safe fashion.
Compromised Accounts
Malware
Unsecured WiFi
App Infrastructure Vulnerabilities
Other
Mis- configurations
Unsanctioned Cloud Apps
Unmanaged Devices
0 10% 15% 20% 25% 30%30% 25% 20% 15% 10% 0
2019 2018
21%
27%
21%
14%
20% 12%
9% 21%
8% 11%
7% 3%
5% 12%
3% 7 %
Which data leakage vector is most concerning for your organization?
0 10 20 30 40 50 60 70
Endpoint Protection69%
Native App Protections
Cloud Access Security Brokers
Secure Web Gateways
Other Third-Party ATP Solutions
48%
31%
31%
25%
None of the Above9%
30%
27%
27%
10%6%
Agent-Based Tools Like MDM
Block Personal Device Access to Data
Use a Trusted Devices Model
Grant Access to Any Device
Apply DLP at Upload or Download
Successfully defending against malware requires organizations to utilize a three-pronged strategy that encompasses
devices (endpoint protection), the corporate network (secure web gateways), and the cloud. While a few cloud apps
provide some built-in malware protections, most do not. As such, a combination of tools is necessary. Fortunately the
use of CASBs for malware protection has increased from 20% in 2018 to 31% today.
The use of agents to secure personal devices (which violates employee privacy and creates deployment challenges),
decreased from 38% in 2018 to 30% in 2019. Blocking personal device access to corporate data (which hinders
employee efficiency and flexibility), increased from 21% to 27%.
Defenses at the Ready
What anti-malware tools does your firm use to secure cloud data?
How does your firm secure corporate cloud data on personal devices?
0 10 20 30 40 50 60
Integration with Cloud Platforms
Simple Cross-Cloud Policy Enforcement
Cloud Native
Ease of Deployment
Cost Effectiveness
36%
36%
45%
46%
55%
Tools for Saving the Galaxy
Interestingly, cost is the leading concern for organizations evaluating cloud security providers. Other critical concerns
include ease of deployment (46%), whether the solution is cloud native (45%), the ease with which cross-cloud security
policies can be enforced (36%), and the solution’s ability to integrate with various cloud platforms (36%).
What do you look for in a cloud security provider?
Phone: (408) 337-0190
Email: info@bitglass.com
www.bitglass.com
About Bitglass
Bitglass, the Next-Gen CASB company, is based in Silicon Valley with offices worldwide. The company’s cloud
security solutions deliver zero-day, agentless, data and threat protection for any app, any device, anywhere.
Bitglass is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven
track record of innovation and execution.
Wrap-Up
Maintaining a robust cybersecurity
posture is crucial in today’s
fast-paced world. Data is now
being stored in more cloud apps
and accessed by more devices
than ever before. While some
enterprises are prioritizing cloud
security, many still need to rethink
their approach to protecting
data. Fortunately, there are cloud
security solutions that can make
the task incredibly simple.