Data security is creating fear and trust issues among IT professionals, according to the findings of a new Oracle cloud security survey. The study of 750 cybersecurity and IT professionals across the globe found that a patchwork approach to data security, misconfigured services and confusion around new cloud security models has created a crisis of confidence that will only be fixed by organizations making security part of the culture of their business.
"The lift-and-shift of critical information to the cloud over the last couple of years has shown great promise, but the patchwork of security tools and processes has led to a steady cadence of costly misconfigurations and data leaks. Positive progress is being made, though," said Steve Daheb, senior vice president, Oracle Cloud. "Adopting tools that leverage intelligent automation to help close the skills gap are on the IT spend roadmap for the immediate future and the C-level is methodically unifying the different lines of business with a security-first culture in mind."
Demonstrating the level of fear and trust issues experienced by IT professionals, the study found that they are 3 times more concerned about the security of company financials and intellectual property than their home security.
The study also found that IT professionals have concerns about cloud service providers: 80% are concerned that the cloud service providers they do business with will become competitors in their core markets. Despite the fact that 75% of IT professionals view the public cloud as more secure than their own data centers, 92% do not trust that their organization is prepared to secure public cloud services. Nearly 80% say that recent data breaches experienced by other businesses have increased their organization's focus on securing data moving forward.
IT professionals are using a patchwork of different cybersecurity products to try and address data security concerns, but these systems are seldom configured correctly. According to the study, 78% of organizations use more than 50 discrete cybersecurity products to address security issues, and 37% use more than 100 cybersecurity products.
Organizations that discovered misconfigured cloud services experienced 10 or more data loss incidents in the last year, and 59% of organizations revealed that employees with privileged cloud accounts have had those credentials compromised by a spear phishing attack. The most common types of misconfigurations are over-privileged accounts (37%), exposed web servers and other types of server workloads (35%), and lack of multi-factor authentication for access to key services (33%).
Go here to access the survey report.