Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Belief That Security Can’t Keep Up with Cloud Adoption

Symantec Research Finds More Than Half of Enterprises Believe Security Can’t Keep Up with Cloud Adoption

Symantec’s Cloud Security Threat Report (CSTR) finds cloud security exacerbated by immature security practices, overtaxed IT staff and risky end-user behaviour

• 73 per cent of respondents experienced a security incident due to immature security practices

• 93 per cent report issues with keeping tabs on all cloud workloads

• 83 per cent feel they do not have processes in place to be effective in acting on cloud security incidents and 25 per cent of cloud security alerts go unaddressed

• 93 per cent say oversharing is a problem, estimating that more than a third of files in the cloud should not be there

AUCKLAND, New Zealand – 25 June 2019 – Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today announced new research revealing enterprises are struggling to keep up with the rapid expansion of cloud within their businesses. Surveying 1,250 security decision makers across the globe,Symantec’s Cloud Security Threat Report (CSTR) uncovered insights on the shifting cloud security landscape, finding enterprises have reached a tipping point: more than half (53 per cent) of all enterprise compute workload has been migrated to the cloud. However, security practices are struggling to keep up – over half (54 per cent) of enterprises indicate their organisation’s cloud security maturity is not able to keep up with the rapid expansion of cloud apps.

“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realise, given the troves of sensitive and business-critical data stored in the cloud. In fact, our research shows that 69 per cent of organisations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud,” said Nico Popp, senior vice president, Cloud & Information Protection, Symantec. “Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. However, our 2019 CSTR shows it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behaviour surrounding cloud adoption.”

Security modernisation isn’t keeping pace with the cloud

Companies are struggling to modernise their security practices at the same pace that they adopt cloud – 73 per cent experienced a security incident due to immature practices. Lack of visibility into cloud workloads is the leading cause – an overwhelming majority of survey respondents (93 per cent) report issues with keeping tabs on all cloud workloads. For example, Symantec’s research found that while companies estimate they use 452 cloud apps on average, the actual number is nearly four times higher, at 1,807. As a result of these immature practices, including poor configuration or failing to use encryption or multi-factor authentication (MFA), enterprises are facing an increased risk of insider threats – ranked by respondents as the third biggest threat to cloud infrastructure. CSTR data shows that 65 per cent of organisations fail to implement MFA in IaaS configurations and 80 per cent don’t use encryption.

Complexity is taking a toll

With cloud adoption introducing increased complexity in how IT is deployed – now across public cloud, private cloud, hybrid, on-prem – and where data needs to be secured, IT teams are becoming overtaxed. Given this, it’s not surprising that the CSTR revealed 25per cent of cloud security alerts go unaddressed. A majority (64 per cent) of the security incidents occur at the cloud level, and more than half of respondents admit they can’t keep up with security incidents. What’s more, the future looks foggy – 83per cent feel they do not have processes in place to be effective in acting on cloud security incidents.

Risky behaviours run rampant

One of the biggest challenges for security teams attempting to get a handle on the cloud is rampant risky user behaviour. According to CSTR respondents, nearly one in three employees exhibit risky behaviour in the cloud, and Symantec’s own data shows 85per cent are not using best security practices. As a result of these risky behaviours, sensitive data is frequently stored improperly in the cloud, making enterprises more susceptible to breach; 93per cent of CSTR respondents say oversharing is a problem, estimating that more than a third of files in the cloud should not be there. Additionally, the cloud is not immune to the risky behaviour that plagued past technologies – respondents report users with weak passwords (37per cent) using poor password hygiene (34per cent), using unauthorised cloud apps (36per cent), and connecting with personal devices (35per cent) as common risky behaviour.

The way forward

While the cloud has introduced new efficiencies and capabilities to the enterprise, the CSTR reveals that too many companies are not confronting the security risks that cloud adoption has introduced, including an increased risk of data breaches. Investment in cloud cyber security platforms that leverage automation and AI to supplement visibility and overtaxed human resources is a clear way to automate defences and enforce data governance principles. However, as the consequences of cyber security become increasingly impactful to business success, it is also time to recalibrate culture and adopt security best practices at a human level.


The Symantec 2019 Cloud Security Threat Report compares and contrasts the perceptions versus realities of cloud security using a combination of an external market study of 1250 IT decision-makers in 11 countries worldwide against various security telemetry that Symantec tracks across Cloud, email, Web security services, threat intelligence and other internally managed data sources.

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organisations, governments and people secure their most important data wherever it lives. Organisations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to help protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit or connect with us on Facebook, Twitter, and LinkedIn.


© Scoop Media

Business Headlines | Sci-Tech Headlines


Statistics: Food Prices Increase 7.4 Percent Annually
Food prices were 7.4 percent higher in July 2022 compared with July 2021, Stats NZ said today... More>>

REINZ: Market Activity And Prices Continue To Ease, First Home Buyers Start To Return To The Market

New Zealand’s winter property market continues its recent trend, slowing from the pace of sales and price rises of last year — properties stay on the market longer and median prices dip... More>>

FMA: Cigna Admits Making False And Misleading Representations
Cigna Life Insurance New Zealand Limited has admitted to making false and/or misleading representations to customers in proceedings brought by the Financial Markets Authority (FMA) – Te Mana Tātai Hokohoko... More>>

Retail NZ: Welcomes Return Of Cruise Ships

“Cruise visitors were big spenders in retail prior to COVID-19, and retailers in Auckland will be celebrating the arrival of P&O’s Pacific Explorer this morning... More>>

ASB: Full Year Results: Building Resilience Today And For Our Future

In its 175th year, ASB has reported a cash net profit after tax of $1,418 million for the 12 months to 30 June 2022, an increase of $122 million or 9% on the prior year... More>>

Commerce Commission: Draft Determination On News Publishers’ Association’s Collective Bargaining Application
The Commerce Commission (Commission) has reached a preliminary view that it should allow the News Publishers’ Association of New Zealand (NPA) to collectively negotiate with Meta and Google... More>>