Better synchronization, mapping, and collaboration across frameworks and tools are needed to improve risk management and measurement
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Measuring Risk and Risk Governance, a new survey designed to assess the maturity of public cloud and risk management within the enterprise. Commissioned by Google, the findings identify the current challenges and perceived effectiveness of risk management in the public cloud, the impact of effective risk management practices in the cloud, and best practices that not only reduce risk but address risk tolerance in the cloud.
“With enterprises continuing to add production in the cloud and the growing use of cloud services, managing cloud and digital assets will be critical in risk management and measurement,” said John Yeoh, Global Vice President of Research, Cloud Security Alliance. “Since cloud services are ever-evolving and changing, it’s important to regularly evaluate your risk status and adjust your security posture accordingly.”
Among the key findings:
- Enterprises need to improve their digital asset management. In fact, there is no consistency of data classification across cloud platforms and services — only 21 percent of users are utilizing cloud service data classification, and only 65 percent of those users are aligning with internal data classification schemes.
- Cloud risk isn’t keeping up with business adoption of cloud. The lack of visibility with shadow IT is still a gap that cloud risk management practices cannot keep up with — 81 percent of organizations have a multi-cloud strategy and fewer than half (48%) continuously evaluate the risk status of cloud services used.
- There is plenty of room to improve upon risk tool satisfaction. Popular risk scoring tools for quantifying or measuring risk are not meeting expectations, and open source, cloud-native, and third-party risk tools are only somewhat effective methods.
- Monitoring, measuring, and reporting are difficult. A lack of transparency, unreliable metrics, and poor reporting and forecasting tools all contribute to the difficulty.
“Continuously evaluating your risk status allows enterprises to properly configure and maximize the effectiveness of their security solutions, which, in turn, protects their assets and improves business productivity. Yet, under half of the organizations surveyed engage in these exercises,” said Chris Rezek, Product Manager/Security and Privacy, Google. “This study has shone a light on the challenges that enterprises are facing in managing and measuring their risk, and will hopefully lead to improved risk management practices, among them centralized workflows and educating staff on how to better use the tools available to them.”
The survey, which was commissioned by Google to add to the industry’s knowledge about enterprise risk, was conducted in two phases. The data gathered in the first round of interviews, which were conducted by CSA, were analyzed and used to refine the question set for the second part, an online survey that received responses from more than 600 IT and security professionals from a variety of organization sizes and locations. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights of CSA research.
The recent on-demand webinar, Managing and Measuring Risk on the Cloud, delves further into the report and shares the top benefits and challenges of cloud risk practices, from the evaluation, assessment, and procurement of cloud services to the understanding of risk tolerance and why cloud is different.
Download Measuring Risk and Risk Governance now.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211214005445/en/
Contacts
Media Contacts
Kari Walker for the CSA
kari@zagcommunications.com