ITWeb, in partnership with Veritas, conducted an online survey on securing the enterprise in a multi cloud environment.

The survey sought to explore the cyber security gaps in standard backup and disaster recovery offerings that cloud service providers (CSPs) offer.

A total of 127 valid responses were captured, with 56% of respondents being at management level, and working in a range of major industry sectors. Some 37% of respondents came from the IT sector and the rest were spread across other sectors, with the financial services and government sectors well represented.

Here are some of the key findings:

  1. Thirty percent of the survey respondents said that their organisation currently used one certified public cloud service provider – excluding SaaS, while 27% said they used two providers and 19% used three providers.
  2. Almost half (45%) of the survey respondents say their organisation has complete visibility to monitor, access and analyse data stored within cloud environments. 27% say they have some visibility and 20% say they have limited or very limited visibility.
  3. The top three benefits that respondent organisations experience when using a public cloud service provider are: data security (69%); scalability (59%); and flexibility (58%).
  4. 39% of respondent organisations say that they use native cloud security tools when accessing/storing data in cloud environments all the time. 27% say they use these tools most of the time and 23% say they use them some of the time.
  5. More than half of respondent organisations (59%) agree that relying solely on native cloud security tools puts their organisation at risk. 38% don’t believe this to be the case.
  6. Most respondents (70%) believe there are gaps in cybersecurity when using a native cloud security tool. A quarter (25%) of respondents disagree.
  7. Just over half (56%) of survey respondents use the default configuration when using native cloud security tools. 37% say they don’t use the default configuration.
  8. 71% of respondents agree that the complexity of data protection and recovery is made more complex because native cloud security tools differ between providers.
  9. 64% of respondents say that they haven’t experienced data loss as a result of relying on cloud native backup, while 20% say they have lost data.
  10. Just over half (55%) of respondents don’t believe that their organisation is at greater risk of being the victim of ransomware as a result of relying on cloud native security backup. 37% believe they are at risk.
  11. Asked why their organisation uses native cloud security tools when accessing/storing data in cloud environments, respondents cited ease of use (59%), cost effectiveness (56%) and low levels of maintenance (46%) as their top three reasons.
  12. The impact – if any - that respondent organisations experienced because of a ransomware attack on the data they hold within cloud environments was listed as:

    • My organisation has not experienced a ransomware attack (42%)
    • My organisation has not experienced any impacts from a ransomware attack (23%)
    • Organisational downtime (23%) 
    • Financial loss – data recovery (19%) 
    • Exposure of sensitive data / information (16%) 
    • Damage to reputation (16%) 
    • Permanent / temporary loss of data (16%) 
    • Financial loss – ransom payments (13%)
  13. Over the past two years, the top three reasons that caused respondent organisations to experience downtime were: hardware / software outage (48%), human error (36%) and application failure (35%).
  14. Strategies that organisations have in place to protect their data within cloud environments include: multi factor authentication (75%); malware detection (51%); differing admin credentials (45%) and limited trusted devices (45%)