2019 Cloud Security Report

As organizations migrate more and more of their data and operations to the cloud, they must

ensure that they maintain a robust cybersecurity posture. However, frequent breaches in the

news seem to suggest that many companies are not prioritizing security to the degree that

they should. To uncover the state of enterprise security in the cloud, Bitglass partnered with a

leading cybersecurity community and surveyed IT professionals.

1. Securing major apps in use

2. Reaching regulatory compliance

3. defending against malware

4. discovering unmanaged apps

5. securing mobile devices

6. preventing cloud misconfigurations

Awe some m i x vol . 1

1. Defending against malware

2. Reaching regulatory compliance

3. Securing major apps in use

4. preventing cloud misconfigurations

5. securing mobile devices

6. discovering unmanaged apps

2 0 1 92 0 1 8

Organizations’ leading cloud priorities have shifted over the past year. While defending against malware has ascended to the

top spot, discovering unmanaged apps in use has fallen to number six. Despite a change in their order, the top three priorities

from 2018 are each still in the top three in 2019. Finally, it is concerning that securing mobile devices isn’t a higher priority in

light of recent Bitglass research which found that 85% of companies now enable bring your own device (BYOD).

Awesome Mix 2019

67% of respondents believe cloud apps are as secure or more secure than on-premises apps—this is significantly

higher than the 40% recorded in 2015. Despite this, 93% of respondents are at least moderately concerned about

the security of the cloud. In other words, organizations know the cloud itself is highly safe, but are wrestling with

their responsibility to use it securely.

How concerned are you about the security of the cloud:

When compared to on-prem apps, public cloud apps are:

Security in the Skies

32%

35%

33%Not Concerned

Slightly Concerned

Moderately Concerned

Very Concerned

Extremely Concerned

4%

18%

37%

38%

3%

0

10

20

30

40

50

60

70

80

Email

Custom

er Dat

a

Emplo

yee D

ata

DevOps D

ata

Sales &

Mark

eting D

ata

Contract

s & In

voice

s

Corpora

te F

inancia

l Dat

a

Inte

llect

ual Pro

perty

Health

Info

rmat

ion

Other

5%

18%

24%

30%33%

38%38%42%

45%

63%

Organizations are moving workloads and data into the cloud, granting them greater productivity and flexibility, but

increasing the likelihood of data leakage where proper security is not employed. As 45% of respondents store customer

data in the cloud, 42% store employee data in the cloud, and 24% store intellectual property in the cloud, adopting the

appropriate security measures is clearly critical.

A Galaxy in Need of Saving

What type of corporate data do you store in the cloud?

Access

Contro

l

Anti-M

alware

Encryp

tion

Firewalls

/ NAC

Singl

e Sign

-On

MFA

Endpoint S

ecurit

y

App-Specifi

c Pro

tect

ion

Data Loss

Pre

ventio

n

Log Manag

ement

Behavio

ral T

hreat

Dete

ctio

n

0

10

20

30

40

50

60

52%

46%

34%

30%26% 25%

22% 22% 20% 19% 18%

Weapons Systems

Access control (52%) and anti-malware (46%) are the most-used cloud security capabilities. However, these and others—like single

sign-on (26%) and data loss prevention (20%)—are still not deployed often enough. Additionally, as 66% of respondents said that

traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security solutions becomes

even more critical. Fortunately, cloud access security brokers (CASBs) can provide many of these essential capabilities.

What security capabilities have you deployed in the cloud?

Despite a slight increase since last year, a mere 20% of organizations have visibility over cross-app anomalous

behavior. This is a critical requirement as only 25% of survey respondents are “single cloud” today. Unfortunately,

corporate visibility over every other category decreased since 2018. This may be due to the growing number of cloud

apps and personal devices over which IT struggles to gain visibility.

While the high percentage of organizations that have visibility into user logins (69%) suggests that the first step of

cloud security (identity management) has been taken, many organizations still lack visibility and control over what

happens after authentication.

Knowhere Your Data is Going

User Logins

DLP Policy Violations

File Uploads

Cross-App Anomalous

Behavior

File Downloads

Shadow IT Usage

External Sharing

0 20% 40% 60% 80%80% 60% 40% 20% 0

2019 2018

69% 78%

57% 58%

55% 56%

40% 44%

38% 46%

35% No Data

20% 15%

What do you have visibility into in the cloud?

Holes in the Hull

Since 2018, malware has emerged as the most concerning data leakage vector; it was selected by 27% of

respondents. Conversely, unsanctioned cloud apps falling from 12% to 5% shows that organizations are becoming

aware that there are data leakage threats greater than shadow IT.

Concerns about app infrastructure fell from 21% in 2018 to 9% in 2019. At the same time, misconfigurations

ascended from the middle of the pack (12%) to third place (20%). These stats highlight the growing awareness that

the cloud itself is highly secure, but that organizations must use it in a safe fashion.

Compromised Accounts

Malware

Unsecured WiFi

App Infrastructure Vulnerabilities

Other

Mis- configurations

Unsanctioned Cloud Apps

Unmanaged Devices

0 10% 15% 20% 25% 30%30% 25% 20% 15% 10% 0

2019 2018

21%

27%

21%

14%

20% 12%

9% 21%

8% 11%

7% 3%

5% 12%

3% 7 %

Which data leakage vector is most concerning for your organization?

0 10 20 30 40 50 60 70

Endpoint Protection69%

Native App Protections

Cloud Access Security Brokers

Secure Web Gateways

Other Third-Party ATP Solutions

48%

31%

31%

25%

None of the Above9%

30%

27%

27%

10%6%

Agent-Based Tools Like MDM

Block Personal Device Access to Data

Use a Trusted Devices Model

Grant Access to Any Device

Apply DLP at Upload or Download

Successfully defending against malware requires organizations to utilize a three-pronged strategy that encompasses

devices (endpoint protection), the corporate network (secure web gateways), and the cloud. While a few cloud apps

provide some built-in malware protections, most do not. As such, a combination of tools is necessary. Fortunately the

use of CASBs for malware protection has increased from 20% in 2018 to 31% today.

The use of agents to secure personal devices (which violates employee privacy and creates deployment challenges),

decreased from 38% in 2018 to 30% in 2019. Blocking personal device access to corporate data (which hinders

employee efficiency and flexibility), increased from 21% to 27%.

Defenses at the Ready

What anti-malware tools does your firm use to secure cloud data?

How does your firm secure corporate cloud data on personal devices?

0 10 20 30 40 50 60

Integration with Cloud Platforms

Simple Cross-Cloud Policy Enforcement

Cloud Native

Ease of Deployment

Cost Effectiveness

36%

36%

45%

46%

55%

Tools for Saving the Galaxy

Interestingly, cost is the leading concern for organizations evaluating cloud security providers. Other critical concerns

include ease of deployment (46%), whether the solution is cloud native (45%), the ease with which cross-cloud security

policies can be enforced (36%), and the solution’s ability to integrate with various cloud platforms (36%).

What do you look for in a cloud security provider?

Phone: (408) 337-0190

Email: info@bitglass.com

www.bitglass.com

About Bitglass

Bitglass, the Next-Gen CASB company, is based in Silicon Valley with offices worldwide. The company’s cloud

security solutions deliver zero-day, agentless, data and threat protection for any app, any device, anywhere.

Bitglass is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven

track record of innovation and execution.

Wrap-Up

Maintaining a robust cybersecurity

posture is crucial in today’s

fast-paced world. Data is now

being stored in more cloud apps

and accessed by more devices

than ever before. While some

enterprises are prioritizing cloud

security, many still need to rethink

their approach to protecting

data. Fortunately, there are cloud

security solutions that can make

the task incredibly simple.