Despite the focus on cloud security, many organizations still have risk management lapses, such as not addressing disaster recovery and backup with their cloud service provider.

Threats in Cloud Top List of Executive Cyber Concerns, Pwc Finds

Migration to public cloud offers the promise of enhanced security, as workloads shift from legacy systems to modernized infrastructures where risk is shared.

But cloud security isn’t automatic. A robust defense requires a level of planning and coordination that may be overlooked in the rush to adopt the technology, especially as ecosystems grow beyond the reach of IT .

“Overall, cloud is more secure, if done right,” said Matt Gorham, Cyber & Privacy Innovation Institute leader at PwC. “But then you need to parse out securing the cloud versus securing your instance in the cloud, which are two separate things.”

Cultivating the in-house knowledge, tools and governance needed to manage cloud deployments requires investments of time and resources many enterprises have yet to allocate. Large companies, where the stakes of a breach are highest, tend to perform better in these areas, Gorham said.

“The top performers are likely to be more optimized and simplified in their tooling and approach to security,” said Gorham.

Instead of deploying multiple best-in-class security solutions, enterprises are better off settling on one integrated system that can be more easily mastered, according to Gorham.

“Having a simple environment allows you to invest in other things,” he said. “It gives you a better view of what's going on in your system and allows you to prosecute alerts in ways that aren’t always clear when you have a collection of various tools.”

Streamlining has already begun. While 15% of respondents indicated no current plans to simplify cyber operations, 44% said their organization already uses an integrated toolkit and another 39% are moving in that direction in the next two years.

Less mature organizations are also less likely to use off-the-shelf security features available from their cloud provider, Gorham said, or to have a tech leader with C-suite clout.

“If you're a CISO or CIO and you’re reporting up high, and you're having frequent interactions with the board, there's going to be a much greater focus on cyber risk,” Gorham said.

Back to Home


  • No comments yet.