logo

[Infographics] Risks for European Companies Adopting a Cloud Strategy

The economic outlook for the European region as a whole is a healthy one. Analysts at IDC are forecasting the European cloud market will reach €80 billion by 2020. It’s one reason why the market is attracting so much interest from providers of Cloud service platforms. Today, global giants like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform compete alongside locally-based suppliers like ElasticHosts in the UK to win market share. That said, the market is by no means an easy one. Currently only around 1-in-5 (21%) European businesses have adopted a cloud-computing strategy with the UK and Nordic regions leading the way.

In this article, I want to discuss some of the top security concerns Europe’s IT pros shared with Netwrix in our recent Cloud Security In-Depth Report.

88% of European companies store sensitive data in the cloud

The findings shed light on what stops companies from expanding their use of cloud services and indicate what needs to happen to make cloud more secure and compelling for them.

Positive trends

Let’s take the positives first. European companies are more confident than their counterparts in North America at their ability to manage cloud security: 38% of respondents say cloud services have improved their overall security, while 18% say it makes no difference to their security posture. In contrary, only 26% of IT pros in North America agree that cloud adoption has improved their overall security.

38% of European companies say their overall security has improved after cloud adoption, compared to only 26% in North America

Nevertheless increased pressure from new regulations like GDPR means European companies cannot afford to rest on their laurels.

Another positive is that 59% of IT pros get senior management support for cloud security initiatives. It looks as though companies are finally starting to recognize the strategic role of the IT department within the business.

Top concerns

Possible data access by unauthorized parties is the top concern for 71% of respondents. According to 44% of respondents malware infection is another important issue. In North America the proportion of survey participants worried about malware is much higher due to the frequency of ransomware attacks there. Although European companies have experienced fewer attacks there have been some notable hits. Maersk, the Danish logistics company, suffered from NotPetya ransomware, as did NHS in England.

 

The third placed concern at 43% – only just behind malware – is lack of visibility into user activity in the cloud.

Top security risks

Only around 1-in-5 organizations (21%) claim to be able to see what their users get up to in the cloud, while the ability to monitor IT staff activity is only slightly better at 32%.

Closer inspection of the data reveals that an inability to monitor insider behavior properly is pretty common. Companies are very aware how risky this is: 49% of respondents regard their own employees as the biggest security threat.

The problem is exacerbated by a tendency among European companies to operate tiered applications that encompass on- and off-premise environments. According to IDC up to 40% of EU firms build up applications in hybrid IT environments.

Employees are the biggest security risks for the majority of European companies (49%)

Yet very few implement the technology and processes necessary to ensure their long-term viability. Instead the growing number of cloud locations makes vigilance harder and compounds the risk of unusual activity going unnoticed.

Planned security measures

The top security measures cited by participants in the Netwrix 2018 Cloud Security Report  underline how seriously companies take human error and threats from within.  Most try to minimize the risk of errors or illicit behaviors through training (57%) and tightening security policies (54%).

Nevertheless, such measures can only go so far. For better control over user activity IT departments also need systems that provide clear visibility into changes and unauthorized access attempts across the entire IT environment for risk mitigation.

Cloud security trends

We found plenty of evidence that use of cloud services is growing in popularity.  Among those we spoke to most companies (72%) have plans to move more data to the cloud, while 41% are ready to expand their use of cloud.

It’s easy to see why the Cloud is so attractive. It saves money and increases a company’s agility. Additionally, the range of services offered by cloud providers far exceeds what most SMBs could achieve by themselves. The global Cloud giants are also playing their part. AWS, for example, is training up 100,000 people in cloud across the EU during 2018. The aim is to make it is easier for public services and commercial enterprises to make the transition to Cloud services.

Only 31% of European companies are going to adopt cloud-first approach

Yet, companies still do not trust cloud enough to move their entire infrastructure to the cloud.  Less than 1-in-4 (24%) are ready to do so while those planning a cloud-first strategy are very much in a minority (31%).

Conclusion

In summary, European companies adopting a Cloud strategy face a number of internal and external risks. However, provided they bring their security policies into line with best practice for Cloud computing and gain more visibility into users’ activity across the IT environment as a whole there is no reason why the risks should be any different to on premise.

A tighter regulatory climate through measures like GDPR is unlikely to slow the rate of cloud adoption any more than it will slow economic growth. All it means is that companies will need to take extra care to ensure customer data stored in the cloud has the right protection.

Finally, Cloud providers themselves could do more to educate businesses about the additional security measures they should be taking instead of simply promoting the features and benefits of their own services.

To read the full report please click here.

View the full infographics (click on the image to open a high resolution version in a new tab)

Former General Manager EMEA at Netwrix. Matt holds a CISSP certification and has over 19 years of experience in the cybersecurity industry. He has worked for many organizations, specializing in areas such as risk management, identity and access management, and network and database security. In the Netwrix blog, Matt shares insights on how to achieve greater levels of security and compliance.