2. STORYBOAR
core questions
■ What are the top cloud security threats facing enterprises?
■ How should cloud app vendors approach government
cooperation?
■ What capabilities are most valuable for protecting data?
■ Do IT leaders have adequate visibility into user activity?
■ How are organizations dealing with the shadow IT threat?
3. STORYBOAR
■ A few organizations now cloud-only
■ Most cloud-first or shifting to a
cloud-first mentality
■ Rate of adoption continues to grow
rapidly across all industries
cloud adoption continues to rise
most organizations have deployed at least one cloud app
5. STORYBOAR
biggest concern - external sharing
followed by unauthorized devices, data sync
■ Nearly 60% see external sharing
as a key concern
○ Cloud apps have made one
click sharing easier
■ Data sync concerns suggest orgs
need control over sync clients
6. STORYBOAR
■ Organizations need solutions that
leverage cloud APIs for control over
sharing
■ Real-time DLP limits risk at access
and download
■ UEBA trending up
sharing controls and DLP top cloud sec capabilities
access controls are increasingly valuable
7. STORYBOAR
■ One in three say yes, they expect
cloud providers to cooperate with
government
■ Small handful support government
mandated encryption algorithms
most opposed to government cooperation
over 30% say providers should turn over encrypted data
9. STORYBOAR
■ Many are turning to third-party
solutions
○ Separation of systems for
data-at-rest provides
additional level of security
■ 17% take no security measures.
IT leaders use encryption to combat security concerns
most are taking steps to limit risk of data leakage
10. STORYBOAR
■ Basic visibility provided by some
cloud apps
■ Cross-app visibility is limited orgs
without CASBs
most enterprises lack adequate visibility
cross-app visibility remains a challenge
11. STORYBOAR
■ Written policies ineffective in
protecting data
■ Blocking apps encourages
employees to work around IT
■ Useful technical controls, like
proxies, used by 29%
most orgs lack technical controls to combat shadow IT
a growing problem needs an effective solution
12. STORYBOAR
the enterprise is responsible for secure saas usage
components
usage/consumption
data
application
services
servers & storage
network
layer
data
application
infrastructure
owner
enterprise
13. STORYBOAR
security must
evolve to protect
data outside the
firewall
ungoverned
access to
corporate data in
the cloud
hidden Shadow
IT threats
sensitive cloud
data on
unmanaged
devices
14. STORYBOAR
findings recap
■ Public cloud adoption continues to rise, only 16% have no SaaS apps
deployed.
■ Split on government cooperation. 55% are opposed.
■ Shadow IT a concern, but few organizations have technical controls in
place.
■ Security incidents still rampant. 59% due to unwanted external sharing.
■ Cloud visibility is lacking. Less than 30% can monitor user logins and
activity.
17. resources:
more info about cloud security
■ report: mitigating cloud threats
■ whitepaper: definitive guide to casbs
■ report: cloud adoption by industry
Security capabilities most critical in your org
Visibility into how corporate data is being used
Control over access to data
Encryption of sensitive data
Potential for breaches
Something else
When talking to potential customers, sometimes this comes up. Aren’t cloud vendors already protecting their apps with native security features?
Very simple framework for thinking about this. WSJ test.