CDW Cybersecurity Study: Why the Cloud Security Gap Must be Closed
Our study reveals that approximately 40 percent of Canadian organizations that store data in the cloud experienced a security incident.
It’s time to close the gap between cloud computing adoption and cloud security.
That’s an observation revealed in CDW Canada’s recently published 2023 Canadian Cybersecurity Study. Our research shows a large segment of respondents are choosing to store various types of data in the public cloud, including nearly 28 percent (one in four organizations) who say they store highly confidential and restricted data there. They also say their top concern with using public cloud is security.
The report reveals approximately 40 percent of Canadian organizations that store data in the cloud experienced a security incident. Especially concerning is the fact that two in five organizations that store highly restricted data, like personally identifiable information (PII) and protected health information (PHI), suffered cloud incidents during the past 12 months. The research also reveals there are many problems and concerns with cloud security and it seems clear that improvements are needed.
Cloud adoption complicates threat detection and response
CDW Canada’s Cybersecurity Practice Lead, Ivo Wiens, says the expansion and proliferation of cloud services has been a game-changer for business but adds complexity and a steep learning curve, making it harder for Canadian organizations to detect and respond to cyberthreats. He cites results from the survey that show leading challenges for detection and response in the cloud environment include:
- Security data collection and analysis (48 percent of respondents)
- Extending on-premises detection rules to the cloud (43 percent)
- Responding to incidents and forensics (39 percent)
Effective threat detection and response depends on a specialized set of skills, tools and processes that organizations must acquire to strengthen their overall threat detection and response program, Wiens says.
“Canadian organizations have invested in a myriad of security solutions in their effort to deal with incidents faster and more efficiently,” he says. “However, adoption rates for modern threat detection tools like extended detection and response; security orchestration, automation and response; endpoint detection and response; threat intelligence and threat hunting remain low.”
“To protect against modern threats, traditional log-based threat detection and manual response methods can only go so far,” he adds. “Without intelligence-based threat detection and automated and orchestrated response mechanisms, Canadian security teams will find it hard to tip the scales back in their favour.”
Cloud adoption and cyber risks
The gap between cloud adoption by Canadian organizations and efforts to secure public cloud have manifested into top cyber risks. Public cloud environments are highly impacted by security incidents, especially since more Canadian organizations rely on cloud storage for their sensitive data, Wiens says.
CDW’s research reveals that, as the sensitive nature of data increases, the number of Canadian organizations storing data in the public cloud decreases. For example, only 36 percent of respondents store confidential financial data in the public cloud and only 28 percent store highly restricted PII and PHI data in the public cloud.
A full 40 percent of Canadian organizations that store data in the cloud said they experienced a security incident, and two in five organizations that stored highly restricted data such as PII and PHI in the cloud suffered incidents.
Public cloud environments are the IT components most affected directly by a security incident, Wiens says, citing a key research finding from the survey. It may not be surprising that many Canadian organizations (35 percent) reported public cloud did not meet their initial security expectations.
“The risk impact has increased significantly as more Canadian organizations rely on cloud for storing their private, sensitive and secret data,” he says.
How to address top cloud security challenges
Cloud security may be particularly challenging for some organizations because it requires a shift in the approach, due to its inherent business model, Wiens says.
“Not only is the responsibility of cloud security shared between the provider and the customer, but cloud operations and application development have both been segregated from security in many organizations,” he says.
Canadian organizations reported the top three challenges that made cloud security difficult were data security (57 percent), network security (49 percent) and backup and recovery (46 percent).
According to Wiens, Canadian organizations can close the gap between cloud adoption and cloud security by determining the sensitivity of data in cloud, identifying and assessing the potential risks and understanding the shared responsibility model of cloud. All are necessary steps for prioritizing investments, skill acquisition and development, he says.
Get the full security study
CDW’s 2023 Canadian Cybersecurity Study was authored by IDC Canada and is based on an independent survey of more than 550 IT security and risk & compliance professionals across six industries. The resulting study assesses the cybersecurity challenges of their organizations, what were their greatest concerns regarding cyberthreats and identifies the security tools and strategies they use and are adopting.
The study provides comprehensive analysis and offers insightful recommendations by IDC’s security experts for how Canadian organizations can minimize risks and improve their cybersecurity defences and responses.