{"id":33157,"date":"2022-12-22T11:18:12","date_gmt":"2022-12-22T16:18:12","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=519325"},"modified":"2022-12-27T09:44:21","modified_gmt":"2022-12-27T14:44:21","slug":"spending-on-the-basics-not-just-technology-is-vital-for-cloud-security-report","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/spending-on-the-basics-not-just-technology-is-vital-for-cloud-security-report\/","title":{"rendered":"Spending on the basics, not just technology is vital for cloud security: Report"},"content":{"rendered":"<p data-ar-index=\"0\">CISOs have known for years that money alone doesn\u2019t buy security in on-premises environments. The lesson is the same in the cloud, according to a new report.<\/p>\n<p data-ar-index=\"1\">Produced by IDC and sponsored by Bell Canada, the analyst\u2019s brief released this month is based on a survey of the cloud adoption of 300 medium and large organizations, their security capabilities, and their success at delivering strong security outcomes.<\/p>\n<p data-ar-index=\"2\">Among the surprising findings: The highest security technology spenders had more breaches than average. Technology alone wasn\u2019t keeping organizations in the study secure. It also needs to include processes, tools, and people.<\/p>\n<p data-ar-index=\"3\">Only 52 per cent of organizations studied were able to protect themselves from a security breach, the survey concluded.<\/p>\n<p data-ar-index=\"4\">It also showed that only 34 per cent deployed cloud security posture management solutions, \u201cleaving the remainder exposed to misconfigurations,\u201d the study concluded.<\/p>\n<p data-ar-index=\"5\">In a lot of ways, said David Senf, a senior manager in Bell Canada\u2019s security practice, the study shows IT departments need to focus on cybersecurity basics.<\/p>\n<p data-ar-index=\"6\">\u201cWhat organizations aren\u2019t doing enough of is focusing on knowing what they have in the cloud, what are the misconfigs, what are the actual risk levels, so they can allocate resources more effectively.\u201d<\/p>\n<p data-ar-index=\"7\">Survey results also showed that organizations that focused on detection \u2014 including logging and monitoring IT network activity and automating response \u2014 did better than others.<\/p>\n<p data-ar-index=\"8\">The study grouped responding organizations into four categories:<\/p>\n<p data-ar-index=\"9\">\u2013<strong>Traditionalists<\/strong>, who are stuck in legacy skills, processes and technology, and had limited cloud adoption;<\/p>\n<p data-ar-index=\"10\">\u2014<strong>Pragmatists<\/strong>, who had slower than average cloud adoption but were starting to take the right security actions. Generally they fared better than others in security outcomes;<\/p>\n<p data-ar-index=\"11\">\u2014<strong>Strategists<\/strong>, who took a measured approach to the cloud and had the best security outcomes.<\/p>\n<p data-ar-index=\"12\">\u2014<strong>Denialists<\/strong>, who had rapid cloud migration but primarily relied on security technologies for data protection. They suffered the worst security outcomes of the four groups because the right security processes were not in place.<\/p>\n<p data-ar-index=\"13\">IT departments should strive to emulate the approach of Strategists, says the report.<\/p>\n<p data-ar-index=\"14\">The organizations in this group find the proper balance between speed of cloud adoption and taking time to implement security processes,\u201d the report says.<\/p>\n<p data-ar-index=\"15\">\u201cIn addition, they focus on increasing the security skills of developers and IT and security staff. They do not rely as heavily on technology solutions as the less-secure Denialists do. They acknowledge that improving security maturity involves a continuous investment of resources and ongoing management; it is a strategy, not a project. They recognize that maintaining security takes time and if planned properly, without significant hardship.\u201d<\/p>\n<p data-ar-index=\"16\"><strong>Strategists<\/strong><\/p>\n<p data-ar-index=\"17\">\u2013use security frameworks such as those from the Cloud Security Alliance, the U.S. National Institute for Standards and Technology (NIST), the ISO and the Centre for Internet Security (CIS);<\/p>\n<p data-ar-index=\"18\">\u2013focus on key security processes, such as having an ongoing inventory of cloud services, continuous assessment of cloud configurations, managing entitlements, and threat detection;<\/p>\n<p data-ar-index=\"19\">\u2013both shift left (integrate security early in their application development process) and shield right (execute strong security of their live applications);<\/p>\n<p data-ar-index=\"20\">\u2013use cloud security posture management tools and processes to detect misconfigurations and drifts from a known good state;<\/p>\n<p data-ar-index=\"21\">\u2013automate security tasks where possible;<\/p>\n<p data-ar-index=\"22\">\u2013and ensure cloud control through the use of cloud access security brokers and zero-trust network access.<\/p>\n<p data-ar-index=\"23\">\u201cThings like how fast do you respond to an incident, how much protection did you put in place, how fast can you recover are important\u201d in cloud environments, said Senf, \u201cbut if you don\u2019t have the foundational elements of \u2018what\u2019s the inventory [of cloud services]\u2019, \u2018can I detect when something\u2019s happening\u2019, then, relative to your peers, you\u2019re not going to be performing as well [as other organizations] from a security perspective.\u201d<\/p>\n<p data-ar-index=\"24\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/spending-on-the-basics-not-just-technology-is-vital-for-cloud-security-report\/519325\">Spending on the basics, not just technology is vital for cloud security: Report<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bell\/IDC study of Canadian organizations showed the highest security technology spenders had more breaches tha<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[19,16],"tags":[753,391,393],"class_list":["post-33157","post","type-post","status-publish","format-standard","hentry","category-cloud","category-security","tag-bell-canada","tag-di","tag-security-strategies"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=33157"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33157\/revisions"}],"predecessor-version":[{"id":33278,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/33157\/revisions\/33278"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=33157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=33157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=33157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}