Logo

UK organisations falling short of Public Cloud security requirements

96% of UK organisations now feel confident in the security offered by Public Cloud providers.

A new report concludes that UK organisations are facing the ultimate stress test in protecting their Public Cloud architecture, as the pandemic sees new pressures applied – both in usage and cyber threats.

The survey, conducted by Opinion Matters and commissioned by AWS Premier Consulting and Managed Services Partner HeleCloud, discovered that while confidence in Public Cloud security has risen significantly among UK organisations (96%), there is a clear misunderstanding in what Public Cloud offers in terms of data protection.

Despite experts including the DCMS reporting a major spike in cyber-attacks since the pandemic began, only a third (38%) of UK organisations have assessed their Public Cloud architecture in the past six months. This falls short of the continuous assessment advocated by leading Cloud providers and their partners, leaving UK businesses open to data leaks and attacks.

“It is not uncommon that organisations of all sizes overestimate what Public Cloud does in terms of cybersecurity and compliance. It is without a doubt the most secure platform for data. However, to ensure this level of security, organisations have obligations and duties under that they need to fulfil,” explains Dob Todorov, CEO and Chief Cloud Officer at HeleCloud.

Business leaders vs. Security team

There was, however, some disparity in how confident people in different roles were about how well their organisations were utilising the tech. While 91% of security leaders felt that their chosen Public Cloud architecture was being used to its full potential, only 77% of business leaders agreed or strongly agreed with this statement.

“To Public Cloud providers, personal data is just zeros and ones. To organisations, personal data is an information asset and needs to be protected as such. GDPR obligations are much more straightforward to fulfil in the Cloud but they are still the responsibility of the organisations collecting and managing personal data – which is in effect every organisation – and not of the Cloud Services Providers,” he says.

UK skills shortage continues

The report also confirmed that a lack of understanding around Public Cloud security requirements was, in part, due to a demand for specialised cloud and security skills within UK organisations. In fact, 46% of UK SMEs and 43% of enterprise organisations believe human error to currently be their biggest vulnerability. What’s more, 7% of UK organisations don’t think they’ve got any vulnerabilities at all, suggesting a lack of expertise in identifying and managing Public Cloud dangers.

The report also found that your understanding of this demand and its impact depends on who you are in the business. While 68% of security leaders strongly agreed that their teams possess the necessary specialist skills to keep their businesses safe from cyber threats, only 45% of IT leaders and 38% of business leaders felt the same way.

Frustratingly for many, the skills gap cannot simply be solved by hiring more people.40% of UK organisations noted a timeline of between four and six months to hire people with the specialist Cloud experience needed.

“When it comes to security you’re only as strong as your weakest link. To tackle this, a holistic approach to security is required as no area can be ignored. However, organisations must not attempt this alone. Partners with specific Public Cloud security competencies under their belt should always be first on the list when it comes to solving security and compliance challenges in complex AWS architectures. Organisations don’t know, what they don’t know. This means that if an expert in Public Cloud security is not present, the architecture will not be held up to objective scrutiny and their exposure is much higher than they think or are able to tolerate,” continues Todorov.

To manage the risk of huge data losses, the report suggests that businesses look to Public Cloud partners, allowing access to expertise on how to best safeguard their Public Cloud environments without the need to wait six months to get it.

Sophos has published the findings of its global survey, “The IT Security Team: 2021 and Beyond,” whi...
Report highlights opportunity for security leaders to rethink and transform cybersecurity strategies...
LogRhythm’s NextGen SIEM Platform provides a single solution for proactively identifying, visualizin...
Trend Micro has released results from a new study that reveals SOC and IT security teams are sufferi...
Four in five (82%) businesses remain concerned about the security risks of employees working remotel...
The upgraded platform experience eases decision making for CISOs and demonstrates the positive impac...
The European Data Protection Board (EDPB) comprised of all the European Data Protection Authorities...
New solution helps Salesforce customers unlock the strategic value of Salesforce data while maintain...