Evolving Cloud Threats
Last year Symantec published the Cloud Security Threat report to assist companies in identifying cloud based security threats. They found that many of these threats existed as a result of the company’s own misuse and misunderstanding of cloud based work. With over half of the average organization’s workload now occurring in the cloud, it’s time to get serious (and get educated) about cloud security.
Perception vs. Reality

The vast majority of organizations currently using the cloud have trouble keeping track of their workload. In fact, most employers drastically underestimate the real number of cloud-based apps that their company and their employees are using (on average the number of apps is four times higher than what they expected). With no tangible understanding of what work is happening or how it gets done, it’s no wonder that so many businesses experience cloud security threats.
Are We Trained for This?
With businesses becoming more cloud based every day, it only seems logical that employees would be getting more cloud savvy as well. However that’s not the case. 93% of employees that were surveyed said that they lacked the necessary security skills, and the majority of participants believe that inadequate cloud security practices are the cause of cloud security incidents. And if you’re wondering how prevalent cloud incidents are, they made up almost 2/3 of all security incidents in 2018.
Risky Business
Over 1/4 of employees engage in “risky business.” That is to say that they misuse cloud applications in a way that puts their organization’s sensitive data at high-risk. However, what is perhaps more alarming is that almost all users are putting corporate data at risk by inadvertently oversharing. Insider threats, whether purposeful or accidental, are occurring with increasing intensity. The worrying result is that 68% of survey participants have seen direct or likely evidence that their data has been made available for sale on the dark web.
Cloud Apps
Symantec internal data reports that of the ~33,000 apps that the Business Readiness Rating has reviewed, a mere 1% have the required built-in security for regular business use, and 39% of them are not suitable for business use at all. Being more selective (and more knowledgeable) of which applications have access to your networks and your data will go a long way in protecting your business.
Next Steps
Education is the best weapon against security threats, and with 85% of users not using the Center for Internet Security’s best practices, we could all use it. Here are Symantec’s top 4 suggestions for improving security:
- Develop a strategy supported by a Cloud Center of Excellence (i.e. a team of people responsible for managing the cloud ).
- Embrace a zero-trust model.
- Promote shared responsibility.
- Use automation and AI wherever possible.
This article was published in the
March 2020
edition of The TMC Advisor
- ISSN 2369-663X Volume:7 Issue:2
©2020 TMC Consulting