SlideShare une entreprise Scribd logo

Symantec Webinar Cloud Security Threat Report

Symantec
Symantec

Symantec 2019 Cloud Security Threat Report: Understand the Latest Cloud Security Trends. Watch the webinar on demand here: https://symc.ly/2Os8G4P.

Technologie
1  sur  31
Télécharger pour lire hors ligne
Understand the Latest Cloud Security Trends 2019 Cloud Security Threat Report (CSTR) Jim Reavis Co-Founder& CEO, CloudSecurity Alliance Kevin Haley Director,Security Technology & Response,Symantec
What It Is: The 2019 Cloud Security Threat Report Compares and contrasts the perceptions versus realities of cloud security using a combination of an external market study of 1250 IT decision-makers in 11 countries worldwide against various security telemetry that Symantec tracks across Cloud, email, Web security services, threat intelligence and other internally managed datasources. 2019 SymantecCloud Security Threat Report (CSTR) Download your copy today! Perceptions Reality Surveyed 1250 IT Decision Makers / Across 11 Countries
Agenda 1. Key Findings from the 2019CSTR 2. Attackingthe Risks –Solutions to Risky User Behavior 3. Cloud Security Alliance’s (CSA) View on the Future of Cloud Security 4. Best Practices:Building an Effective Cloud Security Strategy Understandthe LatestCloud Security Trends
Copyright © 2018 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY 2019 CSTR Key Findings The main reasons? Copyright © 2018 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY 54% SAY THEIR CLOUD SECURITY CAN’T KEEP UP 53% OF WORKLOADS ARE IN THE CLOUD 69% Confidence is low BELIEVE THEIR DATA IS ALREADY FOR SALE ON THE DARK WEB. 1/3 Risky End-User Behavior OF DATA IN THE CLOUD SHOULDN’T BE THERE.3/4 Immature Security Practices EXPERIENCED A SECURITY INCIDENT DUE TO POOR CONFIGURATION, NOT USING 2FA, DLP OR ENCRYPTION 25% Overtaxed IT Staff OF CLOUD SECURITY ALERTS GO UNADDRESSED. 4x Lack of Visibility COMPANIES ESTIMATE THEY USE 452 CLOUD APPS; THE ACTUALNUMBER IS NEARLY FOUR TIMES HIGHER (1,807) Enterprises have reached a tipping point Symantec Cloud Security - research results
Symantec Cloud Security - research results 7% 20% 34% 27% 8% 3% 7% 20% 31% 28% 10% 4% 7% 21% 36% 25% 7% 2% 8% 20% 38% 27% 4% 3% 1-20% of total workload 20-40% of total workload 40-60% of total workload 60-80% of total workload 80-99% of total workload 100% - all computer workload has been moved to the cloud Total Americas [500] Western Europe [450] Asia-Pacific [300] Analysis showing what percentage ofworkload at respondents’ organizations have already been moved to the cloud. Asked to all respondents (1,250), split by geographic region (base in chart [x]) 53% total average 54% Americas average 52% Western Europe average 51% Asia- Pacific average 2019 CSTR Key Findings The movement of workloads onto the cloud
Struggle to keep up with cloud Symantec Cloud Security - research results 54% OF RESPONDENTS AGREE THAT THEIR ORGANIZATION’S CLOUD SECURITY MATURITY CANNOT KEEP UP WITH THE RAPID EXPANSION OF NEW CLOUD APPS My organization’sincreasinglycomplex cloud infrastructure is openingus up to a host of new threats My organization’scloud securitymaturityis not able to keep up with the rapid expansionofnew cloud apps My organization’scloud securityteam is too overloaded to address manyofthe alerts that it receives There is no central authorityor guidance for how to select or enable correct cloud app controls 43% 49% 54% 65% FIGURE 26: Analysisshowingthepercentage of respondents who agree with the statements above. Asked to all respondents (1,250) 2019 CSTR Key Findings
Real World Examples *Information provided by David McCandless, InformationIsBeautiful.net.
Symantec Cloud Security - research results FIGURE 5: “Has your organizationencountered problems dueto a lack of visibility of cloud workloads when expandingcloud infrastructure?”asked to all respondents (1,250) 34% 30% 29% 27% 27% 25% 24% 21% 17% 15% 10% 7% Increase incomplexity of the cloud/cloud infrastructure now difficult to manage Data duplication/cloudapptype duplication Possible repetitive costs formultiple instances/licenses ofcloudapps Rise in shadow IT – unknown business apps in use Lack of control over dataaccess Inability to identify threats Threat detectiontakes too long Unable to ensure data protectionregulatory compliance Siloeddata Unknownnumber of endpoints There have been no negative impacts due to a lack of visibility of cloud There isn’t a lack of visibility of cloudworkloads 2019 CSTR Key Findings Losing visibility when expanding cloud infrastructure Download and Run Cloud Apps without informing IT 36%
Symantec Cloud Security - research results PERCEPTION 452 1807CLOUD APPS 2019 CSTR Key Findings Losing visibility when expanding cloud infrastructure ACCORDING TO SURVEY RESPONDENTS, THE AVERAGE ORGANIZATION BELIEVES ITS EMPLOYEES ARE USING 452 CLOUD APPS. HOWEVER, ACCORDING TO SYMANTEC’S OWN DATA, THE ACTUAL NUMBER OF SHADOW IT APPS IN USE PER ORGANIZATIONIS NEARLYFOUR TIMES HIGHER,AT 1,807. REALITY CLOUD APPS
Oversharing sensitive files Symantec Cloud Security - research results 93% OF RESPONDENTS BELIEVE OVERSHARING CLOUD STORED FILES CONTAINING COMPLIANCE DATA IS A PROBLEM 93% 93% 94% 93% 35% 37% 33% 36% Total Americas [489] Western Europe [444] Asia Pacific [296] FIGURE 10: Analysisshowingthepercentage of respondents who think that cloud stored files containingcompliancedata areovershared within their organization,vs.theaverage percentage of cloud stored files thatareovershared in respondents’opinions.Asked to respondents whoseorganization storesdata on cloud (1,229),split by geographic region (basein chart[x]) Percentage of respondents who thinkthat cloud stored files containing compliance data are overshared withintheir organization Average percentage of cloud stored files that are overshared in respondents’opinions 2019 CSTR Key Findings
Data on the dark web Symantec Cloud Security - research results FIGURE 25: “Has your organizationseen any evidenceof its data beingsold/offered on the dark web to third parties?” asked to all respondents (1,250) 68% HAVE SEEN DIRECT OR LIKELY EVIDENCE THAT THEIR DATA HAD BEEN FOR SALE ON THE DARK WEB Yes, we haveseen our data for sale Yes, we haveseen strongevidence of our data beingoffered for sale Maybe, we haveseen evidence to suggest that our data might be for sale No, we have not seen anyevidence but suspect that it is regardless No, we don’t thinkthis has happened 31% 19% 15% 22% 11% 2019 CSTR Key Findings
24% 21% 11% 11% 9% 7% 7% 6% 4% Security incidents Symantec Cloud Security - research results FIGURE 8: “When thinkingaboutyour infrastructureor apps in thecloud,whattypes of security incidents areyou investigatingthe most?” asked to all respondents (1,250) Data breaches Cloud malware injection DDOS Cross-cloud attacks Cloud orchestrationattacks Serverless/Function-as-a-Service attacks Insider attacks Account takeovers Side channel attacks 37% 32% 31% 5% FIGURE 9: “What percentage of security incidents investigated by your organization haveoccurred in thecloud or on-premiseover the past12 months?” showingthe average percentage specified for each answer option,asked to respondents whose organizations stores data both in the cloud and on-premise(838) Percentage of solely on-premises incidents Percentage of solelycloud incidents Percentage that are a mix of cloud and on-premise incidents Don’t know 2019 CSTR Key Findings
2019 ISTR Targeted Attack Groups
Threats to cloud infrastructure Symantec Cloud Security - research results FIGURE 14: “What havebeen the biggestthreats to your organization’scloud infrastructureover the last12 months?”displayinga combination of responses ranked first,second,and third,asked to all respondents (1,250) 45% 43% 42% 37% 35% 35% 30% 28% Managing identity and authentication Phishing Accidental insider threats Advanced persistent threats Malicious insider threats DevOps/container security/insecure APIs Poor visibility into infrastructure Remote employees TOP three THREATS… CSTR Key Findings
Risky behavior by employees Symantec Cloud Security - research results FIGURE 23: “Have you encountered any instancesof employees at your organization exhibitingany of the followinghigh-risk behavior in regard to cloud applicationsin thepast12 months?” asked to all respondents (1,250) NINE IN TEN RESPONDENTS HAVE ENCOUNTERED EMPLOYEES AT THEIR ORGANIZATION EXHIBITING HIGH-RISK BEHAVIOR… 90% 37% 36% 35% 34% 32% 31% 28% 28% 18% 10% Weak passwords/badpasswordpolicies Downloadingorusing cloudapps without telling IT (shadow IT) Using their owndevice forwork purposes Poor passwordhygiene (storingthemonan Excel ornotepad) Using personal email forcorporate documents to avoidattachment limitations Multiple people accessingone account Relaxedapproachto cloudinfrastructure management Over-use of cloudinfrastructurefor highly confidential data Unknowncorporate expenditure for cloudapp licensing There have been no instances of risky employee behavior in the last 12 months 2019 CSTR Key Findings
Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ Encryption ✓ DLP
IaaS & PaaS Private Cloud DC SaaS Apps Regional Office Roaming Users Headquarters 37% 31%34% Passwords Weak/Bad Bad Hygiene Sharing RiskyUser Behaviorin the Cloud NEGLECTTO IMPLEMENT MULTI-FACTOR AUTHENTICATION(MFA)
Regional Office Roaming Users Headquarters 35% 32% Access Unauth Device Personal Email RiskyUser Behaviorin the Cloud 37% 31%34% Passwords Weak/Bad Bad Hygiene Sharing SaaS Apps IaaS & PaaS Private Cloud DC
Regional Office Roaming Users Headquarters Regional Office Roaming Users Headquarters 36% 28% Data Flow Unauth CloudApp Confidential Data RiskyUser Behaviorin the Cloud 35% 32% Access Unauth Device Personal Email 37% 31%34% Passwords Weak/Bad Bad Hygiene Sharing SaaS Apps IaaS & PaaS Private Cloud DC
Regional Office Roaming Users Headquarters Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ Encryption ✓ DLP SaaS Apps IaaS & PaaS Private Cloud DC
Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ Encryption ✓ DLP SaaS Apps IaaS & PaaS Private Cloud DC
Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ DLP ✓ Encryption SaaS Apps IaaS & PaaS Private Cloud DC
Regional Office Roaming Users Headquarters Regional Office Roaming Users Headquarters 28% Personal Accounts 28% Lack of mult-factor 27% Lack of DLP 27% Lack of Encryption Solutionsto RiskyUser Behavior BLAME IMMATURE SECURITY PRACTICES FOR AT LEASTONE CLOUD INCIDENT SaaS Apps IaaS & PaaS Private Cloud DC
A B O U T “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” CLO UD PRO VIDER CERT IFICAT IO N – CSA ST AR T HE G LO BALLY AUT HO RIT AT IVE SO URCE FO R T RUST IN T HE CLO UD USER CERT IFICAT IO N – CCSK BUILDING SECURIT Y BEST PRACT ICES FO R NEXT G ENERAT IO N IT RESEARCH AND EDUCAT IO NAL PRO G RAM S G LO BAL, NO T -FO R-PROFIT O RG ANIZAT IO N 2 0 + AC TI VE W O RK ING GR O UP S 9 5 ,0 0 0 + I ND I VID UAL MEMBERS 4 0 0 + C O RP O RATE MEMBERS 1 0 0 + C HAP TERS F O U N D E D I N 2 0 0 9 Cloud Security Alliance- CSA
Symantec Cloud Security - research results Cloud attacks & breaches may explode as a function of greater usage CSTR Fact: 25% of cloudsecurity alerts go unaddressed. Ubiquity of compute (cloud & IoT), storage (cloud & IoT) and bandwidth (5G) challenges notion of Security at Scale Is the ubiquity of compute leading to a loss of privacy? CSA – The Future of Cloud Security Concerns for the future CSTR Fact: 1/3 of the data inthe cloudshouldn’t be there. • GDPR is not the last privacy regulation– more are coming • Greateraccountabilityand liability for PII breaches and stewardship CSTR Fact: Organizations have reacheda tipping point with 54% of their workloads residingin the cloud.
CSA – The Future of Cloud Security Do we need to reimagine the role security plays in the enterprise? Concerns for the future CSTR Fact: Organizations underestimatetheiruse of cloudapps by nearly 4x. As cloud matures, will enterprises maintain agility, portability & choice? CSTR Fact: 54% of organizations agree that their cloudsecurity maturity isn’t able to keep up with the rapid expansionof new cloudapps Symantec Cloud Security - research results
CSA’s View on The Future of Cloud Security Enterprise Strategies as told to CSA 1 2 3 4 5 View cloud as a platform for delivering pervasive cybersecurity – Security as a Service Security at scale via automation ▪ DevOps/DevSecOps ▪ Machine Learning/ AI / Data Sciences Highly virtualized architectures and frameworks ▪ Zero Trust & softwaredefinedperimeter ▪ Microsegmentation ▪ Containerized,microservices & Serverless ▪ Structuredframeworks andorchestration to shrink threat windows ▪ Highly dependent upon identity and crypto implementation Cloud security skills upgrade needed Exploring how Blockchain can be leveraged as a security solution
CSA’s View on The Future of Cloud Security Blockchain as a Security Game Changer? • Blockchain: the immutable logging infrastructure at the heart of cryptocurrencies - Implementationgrowing out side of Bitcoin,e.g. supply chains - Distributed,sometimes seen as “anti-cloud” • Cloud security is very dynamic and in some ways resembles a supply chain • Blockchain provides a security, transparency, accountability layer on top of cloud, and puts it in the hands of the users • We may see a few standard public Blockchains the cybersecurity industry will agree on, e.g. IT Audit, public facing technology stacks, credentialing, anonymized threat intel sharing • Blockchain + Cloud = Worldwide ledger of trust
29 Best Practices:Building an EffectiveCloud SecurityStrategy DEVELOP AGOVERNANCE STRATEGY SUPPORTEDBY A CLOUD CENTEROF EXCELLENCE (CCoE) EMBRACE AZERO- TRUST MODEL PROMOTE SHARED RESPONSIBILITY USE AUTOMATIONAND ARTIFICIALINTELLIGENCE WHEREVER POSSIBLE AUGMENT IN-HOUSE CLOUD SECURITYEXPERTISE WITH MANAGED SERVICES
QUESTIONS? Jim Reavis Co-Founder& CEO, CloudSecurity Alliance Kevin Haley Director,Security Technology & Response,Symantec
Thank You! Jim Reavis Co-Founder& CEO, CloudSecurity Alliance Kevin Haley Director,Security Technology & Response,Symantec Understand the Latest Cloud Security Trends 2019 Cloud Security Threat Report (CSTR)

Recommandé

Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
Symantec
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
Devyani Vaidya
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
Michael Torres
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
IBM Security
 
TrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data CenterTrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data Center
VMUG IT
 
Cloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and TechniquesCloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and Techniques
Gokul Alex
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
Forcepoint LLC
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud Computing
Keet Sugathadasa
 

Recommandé

Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
Symantec
 
cloud security ppt
cloud security ppt cloud security ppt
cloud security ppt
Devyani Vaidya
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
Michael Torres
 
Cloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud SecurityCloud Security: What you need to know about IBM SmartCloud Security
Cloud Security: What you need to know about IBM SmartCloud Security
IBM Security
 
TrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data CenterTrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data Center
VMUG IT
 
Cloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and TechniquesCloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and Techniques
Gokul Alex
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
Forcepoint LLC
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud Computing
Keet Sugathadasa
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
Vishal Sharma
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and Frontiers
Gokul Alex
 
Trend Micro - is your cloud secure
Trend Micro - is your cloud secureTrend Micro - is your cloud secure
Trend Micro - is your cloud secure
Kappa Data
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
Tzar Umang
 
CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption? CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption?
Digital Transformation EXPO Event Series
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
Shankar Subramaniyan
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version external
Zscaler
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Scalar Decisions
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat
IBM Security
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
KloudLearn
 
Securing Beyond the Cloud Generation
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud Generation
Forcepoint LLC
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
Susanne Tedrick
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
Allessandra Negri
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
Forcepoint LLC
 
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Skybox Security
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
Brian K. Dickard
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
Iftikhar Ali Iqbal
 
Cloud Security & Privacy Standard Slide
Cloud Security & Privacy Standard SlideCloud Security & Privacy Standard Slide
Cloud Security & Privacy Standard Slide
acinfotec
 
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the CloudTop 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
Forcepoint LLC
 
trellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdf
trellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdftrellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdf
trellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdf
w2sdvzdjtz
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
United States Cybersecurity Institute (USCSI®)
 

Contenu connexe

Tendances

Trend Micro - is your cloud secure
Trend Micro - is your cloud secureTrend Micro - is your cloud secure
Trend Micro - is your cloud secure
Kappa Data
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version external
Zscaler
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat
IBM Security
 
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Skybox Security
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
Iftikhar Ali Iqbal
 

Tendances (20)

Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
 
Cloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and FrontiersCloud Security - Emerging Facets and Frontiers
Cloud Security - Emerging Facets and Frontiers
 
Trend Micro - is your cloud secure
Trend Micro - is your cloud secureTrend Micro - is your cloud secure
Trend Micro - is your cloud secure
 
Cloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-wareCloud security From Infrastructure to People-ware
Cloud security From Infrastructure to People-ware
 
CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption? CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption?
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version external
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
 
Securing Beyond the Cloud Generation
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud Generation
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
 
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
 
Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)Cloud Computing Risk Management (IIA Webinar)
Cloud Computing Risk Management (IIA Webinar)
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
 
Cloud Security & Privacy Standard Slide
Cloud Security & Privacy Standard SlideCloud Security & Privacy Standard Slide
Cloud Security & Privacy Standard Slide
 
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the CloudTop 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
 

Similaire à Symantec Webinar Cloud Security Threat Report

Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security study
Dome9 Security
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
Dave Darnell
 
Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationFive Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response Automation
Christopher Doman
 
The State of Cyber Defense Report by Kroll - CY 2023
The State of Cyber Defense Report by Kroll - CY 2023The State of Cyber Defense Report by Kroll - CY 2023
The State of Cyber Defense Report by Kroll - CY 2023
Ryan Frunnile
 
How to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsHow to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS Environments
Info-Tech Research Group
 

Similaire à Symantec Webinar Cloud Security Threat Report (20)

trellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdf
trellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdftrellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdf
trellix-mind-of-the-ciso-report-ebook-behind-the-breach.pdf
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
 
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdfUNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
A Review On Data Security In Cloud Computing
A Review On Data Security In Cloud ComputingA Review On Data Security In Cloud Computing
A Review On Data Security In Cloud Computing
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Ponemon cloud security study
Ponemon cloud security studyPonemon cloud security study
Ponemon cloud security study
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf4-lessons-of-security-leaders-for-2022.pdf
4-lessons-of-security-leaders-for-2022.pdf
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance
 
2018 State of Cyber Resilience Report - Ireland
2018 State of Cyber Resilience Report - Ireland2018 State of Cyber Resilience Report - Ireland
2018 State of Cyber Resilience Report - Ireland
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationFive Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response Automation
 
The State of Cyber Defense Report by Kroll - CY 2023
The State of Cyber Defense Report by Kroll - CY 2023The State of Cyber Defense Report by Kroll - CY 2023
The State of Cyber Defense Report by Kroll - CY 2023
 
How to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsHow to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS Environments
 
Treating Security Like a Product
Treating Security Like a ProductTreating Security Like a Product
Treating Security Like a Product
 

Plus de Symantec

Plus de Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 
GDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantGDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators Want
 
Symantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 Webinar
 

Dernier

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Symantec Webinar Cloud Security Threat Report

  • 1. Understand the Latest Cloud Security Trends 2019 Cloud Security Threat Report (CSTR) Jim Reavis Co-Founder& CEO, CloudSecurity Alliance Kevin Haley Director,Security Technology & Response,Symantec
  • 2. What It Is: The 2019 Cloud Security Threat Report Compares and contrasts the perceptions versus realities of cloud security using a combination of an external market study of 1250 IT decision-makers in 11 countries worldwide against various security telemetry that Symantec tracks across Cloud, email, Web security services, threat intelligence and other internally managed datasources. 2019 SymantecCloud Security Threat Report (CSTR) Download your copy today! Perceptions Reality Surveyed 1250 IT Decision Makers / Across 11 Countries
  • 3. Agenda 1. Key Findings from the 2019CSTR 2. Attackingthe Risks –Solutions to Risky User Behavior 3. Cloud Security Alliance’s (CSA) View on the Future of Cloud Security 4. Best Practices:Building an Effective Cloud Security Strategy Understandthe LatestCloud Security Trends
  • 4. Copyright © 2018 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY 2019 CSTR Key Findings The main reasons? Copyright © 2018 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY 54% SAY THEIR CLOUD SECURITY CAN’T KEEP UP 53% OF WORKLOADS ARE IN THE CLOUD 69% Confidence is low BELIEVE THEIR DATA IS ALREADY FOR SALE ON THE DARK WEB. 1/3 Risky End-User Behavior OF DATA IN THE CLOUD SHOULDN’T BE THERE.3/4 Immature Security Practices EXPERIENCED A SECURITY INCIDENT DUE TO POOR CONFIGURATION, NOT USING 2FA, DLP OR ENCRYPTION 25% Overtaxed IT Staff OF CLOUD SECURITY ALERTS GO UNADDRESSED. 4x Lack of Visibility COMPANIES ESTIMATE THEY USE 452 CLOUD APPS; THE ACTUALNUMBER IS NEARLY FOUR TIMES HIGHER (1,807) Enterprises have reached a tipping point Symantec Cloud Security - research results
  • 5. Symantec Cloud Security - research results 7% 20% 34% 27% 8% 3% 7% 20% 31% 28% 10% 4% 7% 21% 36% 25% 7% 2% 8% 20% 38% 27% 4% 3% 1-20% of total workload 20-40% of total workload 40-60% of total workload 60-80% of total workload 80-99% of total workload 100% - all computer workload has been moved to the cloud Total Americas [500] Western Europe [450] Asia-Pacific [300] Analysis showing what percentage ofworkload at respondents’ organizations have already been moved to the cloud. Asked to all respondents (1,250), split by geographic region (base in chart [x]) 53% total average 54% Americas average 52% Western Europe average 51% Asia- Pacific average 2019 CSTR Key Findings The movement of workloads onto the cloud
  • 6. Struggle to keep up with cloud Symantec Cloud Security - research results 54% OF RESPONDENTS AGREE THAT THEIR ORGANIZATION’S CLOUD SECURITY MATURITY CANNOT KEEP UP WITH THE RAPID EXPANSION OF NEW CLOUD APPS My organization’sincreasinglycomplex cloud infrastructure is openingus up to a host of new threats My organization’scloud securitymaturityis not able to keep up with the rapid expansionofnew cloud apps My organization’scloud securityteam is too overloaded to address manyofthe alerts that it receives There is no central authorityor guidance for how to select or enable correct cloud app controls 43% 49% 54% 65% FIGURE 26: Analysisshowingthepercentage of respondents who agree with the statements above. Asked to all respondents (1,250) 2019 CSTR Key Findings
  • 7. Real World Examples *Information provided by David McCandless, InformationIsBeautiful.net.
  • 8. Symantec Cloud Security - research results FIGURE 5: “Has your organizationencountered problems dueto a lack of visibility of cloud workloads when expandingcloud infrastructure?”asked to all respondents (1,250) 34% 30% 29% 27% 27% 25% 24% 21% 17% 15% 10% 7% Increase incomplexity of the cloud/cloud infrastructure now difficult to manage Data duplication/cloudapptype duplication Possible repetitive costs formultiple instances/licenses ofcloudapps Rise in shadow IT – unknown business apps in use Lack of control over dataaccess Inability to identify threats Threat detectiontakes too long Unable to ensure data protectionregulatory compliance Siloeddata Unknownnumber of endpoints There have been no negative impacts due to a lack of visibility of cloud There isn’t a lack of visibility of cloudworkloads 2019 CSTR Key Findings Losing visibility when expanding cloud infrastructure Download and Run Cloud Apps without informing IT 36%
  • 9. Symantec Cloud Security - research results PERCEPTION 452 1807CLOUD APPS 2019 CSTR Key Findings Losing visibility when expanding cloud infrastructure ACCORDING TO SURVEY RESPONDENTS, THE AVERAGE ORGANIZATION BELIEVES ITS EMPLOYEES ARE USING 452 CLOUD APPS. HOWEVER, ACCORDING TO SYMANTEC’S OWN DATA, THE ACTUAL NUMBER OF SHADOW IT APPS IN USE PER ORGANIZATIONIS NEARLYFOUR TIMES HIGHER,AT 1,807. REALITY CLOUD APPS
  • 10. Oversharing sensitive files Symantec Cloud Security - research results 93% OF RESPONDENTS BELIEVE OVERSHARING CLOUD STORED FILES CONTAINING COMPLIANCE DATA IS A PROBLEM 93% 93% 94% 93% 35% 37% 33% 36% Total Americas [489] Western Europe [444] Asia Pacific [296] FIGURE 10: Analysisshowingthepercentage of respondents who think that cloud stored files containingcompliancedata areovershared within their organization,vs.theaverage percentage of cloud stored files thatareovershared in respondents’opinions.Asked to respondents whoseorganization storesdata on cloud (1,229),split by geographic region (basein chart[x]) Percentage of respondents who thinkthat cloud stored files containing compliance data are overshared withintheir organization Average percentage of cloud stored files that are overshared in respondents’opinions 2019 CSTR Key Findings
  • 11. Data on the dark web Symantec Cloud Security - research results FIGURE 25: “Has your organizationseen any evidenceof its data beingsold/offered on the dark web to third parties?” asked to all respondents (1,250) 68% HAVE SEEN DIRECT OR LIKELY EVIDENCE THAT THEIR DATA HAD BEEN FOR SALE ON THE DARK WEB Yes, we haveseen our data for sale Yes, we haveseen strongevidence of our data beingoffered for sale Maybe, we haveseen evidence to suggest that our data might be for sale No, we have not seen anyevidence but suspect that it is regardless No, we don’t thinkthis has happened 31% 19% 15% 22% 11% 2019 CSTR Key Findings
  • 12. 24% 21% 11% 11% 9% 7% 7% 6% 4% Security incidents Symantec Cloud Security - research results FIGURE 8: “When thinkingaboutyour infrastructureor apps in thecloud,whattypes of security incidents areyou investigatingthe most?” asked to all respondents (1,250) Data breaches Cloud malware injection DDOS Cross-cloud attacks Cloud orchestrationattacks Serverless/Function-as-a-Service attacks Insider attacks Account takeovers Side channel attacks 37% 32% 31% 5% FIGURE 9: “What percentage of security incidents investigated by your organization haveoccurred in thecloud or on-premiseover the past12 months?” showingthe average percentage specified for each answer option,asked to respondents whose organizations stores data both in the cloud and on-premise(838) Percentage of solely on-premises incidents Percentage of solelycloud incidents Percentage that are a mix of cloud and on-premise incidents Don’t know 2019 CSTR Key Findings
  • 14. Threats to cloud infrastructure Symantec Cloud Security - research results FIGURE 14: “What havebeen the biggestthreats to your organization’scloud infrastructureover the last12 months?”displayinga combination of responses ranked first,second,and third,asked to all respondents (1,250) 45% 43% 42% 37% 35% 35% 30% 28% Managing identity and authentication Phishing Accidental insider threats Advanced persistent threats Malicious insider threats DevOps/container security/insecure APIs Poor visibility into infrastructure Remote employees TOP three THREATS… CSTR Key Findings
  • 15. Risky behavior by employees Symantec Cloud Security - research results FIGURE 23: “Have you encountered any instancesof employees at your organization exhibitingany of the followinghigh-risk behavior in regard to cloud applicationsin thepast12 months?” asked to all respondents (1,250) NINE IN TEN RESPONDENTS HAVE ENCOUNTERED EMPLOYEES AT THEIR ORGANIZATION EXHIBITING HIGH-RISK BEHAVIOR… 90% 37% 36% 35% 34% 32% 31% 28% 28% 18% 10% Weak passwords/badpasswordpolicies Downloadingorusing cloudapps without telling IT (shadow IT) Using their owndevice forwork purposes Poor passwordhygiene (storingthemonan Excel ornotepad) Using personal email forcorporate documents to avoidattachment limitations Multiple people accessingone account Relaxedapproachto cloudinfrastructure management Over-use of cloudinfrastructurefor highly confidential data Unknowncorporate expenditure for cloudapp licensing There have been no instances of risky employee behavior in the last 12 months 2019 CSTR Key Findings
  • 16. Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ Encryption ✓ DLP
  • 17. IaaS & PaaS Private Cloud DC SaaS Apps Regional Office Roaming Users Headquarters 37% 31%34% Passwords Weak/Bad Bad Hygiene Sharing RiskyUser Behaviorin the Cloud NEGLECTTO IMPLEMENT MULTI-FACTOR AUTHENTICATION(MFA)
  • 18. Regional Office Roaming Users Headquarters 35% 32% Access Unauth Device Personal Email RiskyUser Behaviorin the Cloud 37% 31%34% Passwords Weak/Bad Bad Hygiene Sharing SaaS Apps IaaS & PaaS Private Cloud DC
  • 19. Regional Office Roaming Users Headquarters Regional Office Roaming Users Headquarters 36% 28% Data Flow Unauth CloudApp Confidential Data RiskyUser Behaviorin the Cloud 35% 32% Access Unauth Device Personal Email 37% 31%34% Passwords Weak/Bad Bad Hygiene Sharing SaaS Apps IaaS & PaaS Private Cloud DC
  • 20. Regional Office Roaming Users Headquarters Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ Encryption ✓ DLP SaaS Apps IaaS & PaaS Private Cloud DC
  • 21. Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ Encryption ✓ DLP SaaS Apps IaaS & PaaS Private Cloud DC
  • 22. Regional Office Roaming Users Headquarters Solutionsto RiskyUser Behavior ✓ Multi-Factor Authentication ✓ Uniformed Policies ✓ Compliance Tracking ✓ Access Management ✓ DLP ✓ Encryption SaaS Apps IaaS & PaaS Private Cloud DC
  • 23. Regional Office Roaming Users Headquarters Regional Office Roaming Users Headquarters 28% Personal Accounts 28% Lack of mult-factor 27% Lack of DLP 27% Lack of Encryption Solutionsto RiskyUser Behavior BLAME IMMATURE SECURITY PRACTICES FOR AT LEASTONE CLOUD INCIDENT SaaS Apps IaaS & PaaS Private Cloud DC
  • 24. A B O U T “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” CLO UD PRO VIDER CERT IFICAT IO N – CSA ST AR T HE G LO BALLY AUT HO RIT AT IVE SO URCE FO R T RUST IN T HE CLO UD USER CERT IFICAT IO N – CCSK BUILDING SECURIT Y BEST PRACT ICES FO R NEXT G ENERAT IO N IT RESEARCH AND EDUCAT IO NAL PRO G RAM S G LO BAL, NO T -FO R-PROFIT O RG ANIZAT IO N 2 0 + AC TI VE W O RK ING GR O UP S 9 5 ,0 0 0 + I ND I VID UAL MEMBERS 4 0 0 + C O RP O RATE MEMBERS 1 0 0 + C HAP TERS F O U N D E D I N 2 0 0 9 Cloud Security Alliance- CSA
  • 25. Symantec Cloud Security - research results Cloud attacks & breaches may explode as a function of greater usage CSTR Fact: 25% of cloudsecurity alerts go unaddressed. Ubiquity of compute (cloud & IoT), storage (cloud & IoT) and bandwidth (5G) challenges notion of Security at Scale Is the ubiquity of compute leading to a loss of privacy? CSA – The Future of Cloud Security Concerns for the future CSTR Fact: 1/3 of the data inthe cloudshouldn’t be there. • GDPR is not the last privacy regulation– more are coming • Greateraccountabilityand liability for PII breaches and stewardship CSTR Fact: Organizations have reacheda tipping point with 54% of their workloads residingin the cloud.
  • 26. CSA – The Future of Cloud Security Do we need to reimagine the role security plays in the enterprise? Concerns for the future CSTR Fact: Organizations underestimatetheiruse of cloudapps by nearly 4x. As cloud matures, will enterprises maintain agility, portability & choice? CSTR Fact: 54% of organizations agree that their cloudsecurity maturity isn’t able to keep up with the rapid expansionof new cloudapps Symantec Cloud Security - research results
  • 27. CSA’s View on The Future of Cloud Security Enterprise Strategies as told to CSA 1 2 3 4 5 View cloud as a platform for delivering pervasive cybersecurity – Security as a Service Security at scale via automation ▪ DevOps/DevSecOps ▪ Machine Learning/ AI / Data Sciences Highly virtualized architectures and frameworks ▪ Zero Trust & softwaredefinedperimeter ▪ Microsegmentation ▪ Containerized,microservices & Serverless ▪ Structuredframeworks andorchestration to shrink threat windows ▪ Highly dependent upon identity and crypto implementation Cloud security skills upgrade needed Exploring how Blockchain can be leveraged as a security solution
  • 28. CSA’s View on The Future of Cloud Security Blockchain as a Security Game Changer? • Blockchain: the immutable logging infrastructure at the heart of cryptocurrencies - Implementationgrowing out side of Bitcoin,e.g. supply chains - Distributed,sometimes seen as “anti-cloud” • Cloud security is very dynamic and in some ways resembles a supply chain • Blockchain provides a security, transparency, accountability layer on top of cloud, and puts it in the hands of the users • We may see a few standard public Blockchains the cybersecurity industry will agree on, e.g. IT Audit, public facing technology stacks, credentialing, anonymized threat intel sharing • Blockchain + Cloud = Worldwide ledger of trust
  • 29. 29 Best Practices:Building an EffectiveCloud SecurityStrategy DEVELOP AGOVERNANCE STRATEGY SUPPORTEDBY A CLOUD CENTEROF EXCELLENCE (CCoE) EMBRACE AZERO- TRUST MODEL PROMOTE SHARED RESPONSIBILITY USE AUTOMATIONAND ARTIFICIALINTELLIGENCE WHEREVER POSSIBLE AUGMENT IN-HOUSE CLOUD SECURITYEXPERTISE WITH MANAGED SERVICES
  • 30. QUESTIONS? Jim Reavis Co-Founder& CEO, CloudSecurity Alliance Kevin Haley Director,Security Technology & Response,Symantec
  • 31. Thank You! Jim Reavis Co-Founder& CEO, CloudSecurity Alliance Kevin Haley Director,Security Technology & Response,Symantec Understand the Latest Cloud Security Trends 2019 Cloud Security Threat Report (CSTR)