2020
THE CISO CLOUD/SAAS SECURITY REPORT
2020 THE CISO CLOUD/SAAS SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 2
EXECUTIVE SUMMARY
The number of employees working from home or other remote locations has skyrocketed, and for many, the change is likely to become permanent on a part-time — if not full-time — basis. This massive shift has led to a rise in the use of cloud applications and services, along with an increase in risky behaviors and a further blurring of the lines between personal and corporate IT resources.
In light of this evolution, what types of cloud usage and cyber threats are network security managers most concerned about? Which cloud services inspire their confidence, and which cause concern? What changes in security solutions and strategies are they planning to address these concerns?
To find the answers to these questions, we conducted a survey of Cybersecurity Insiders’ 400,000-member information security community.
For a panel discussion about options and strategies for addressing the needs and concerns raised in this survey, we invite you to watch our webinar “What You Need to Know about CISO Cloud/SaaS Concerns & Plans.”
Many thanks to Enea Qosmos for supporting this important research project.
We hope you find the information shared by respondents useful in assessing and honing your own cybersecurity strategies, and we hope that you enjoy reading the report.
Thank you,
Holger Schulze
CEO and Founder
Cybersecurity Insiders
KEY FINDINGS
FINDING 1:
WFH Practices: The business use of personal devices is the working from home (WFH) practice seen as carrying the greatest security risk, followed closely by the use of Infrastructure as a Service (IaaS).
FINDING 2:
Cyber Threats: Malware infections and data loss are the top cloud/Software as a Service (SaaS) cyber threat concerns, cited as a top concern by 77% and 72% of respondents respectively.
FINDING 3:
Attack Vectors: File sharing and hosting services (72%) and cloud email (57%) are perceived as the top cloud/SaaS attack vectors.
FINDING 4:
Investment Plans: In response to cloud/SaaS concerns, security spending is expected to increase:
• 90% of respondents report plans for new investments in cloud-based security components as well as comprehensive solutions like Software-Defined Wide Area Network (SD-WAN) and Secure Access Service Edge (SASE).
• 82% report plans for new investments in on-premise solutions (e.g., endpoint security and next generation firewalls).
CLOUD/SAAS CHALLENGES
CLOUD SECURITY CONCERNS REMAIN HIGH
An overwhelming majority of survey participants are concerned about public cloud security, with more than half reporting they are “very” to “extremely” concerned. This aligns with findings from prior Cybersecurity Insiders surveys, indicating that concern about cloud security remains stubbornly high.
How concerned are you about security risks associated with the increased use of public clouds?
94% Organizations are extremely to moderately concerned about cloud security.
[Chart: responses by level of concern (Extremely concerned, Very concerned, Moderately concerned, Slightly concerned, Not at all concerned); values shown: 41%, 1%, 5%, 22%, 31%]
WFH PRACTICE CONCERNS
The use of personal devices for work is the WFH practice that most concerns security professionals, followed very closely by the use of IaaS solutions. In comparing similar domains, the use of personal devices is of greater concern than personal networking solutions (e.g., Virtual Private Networks (VPNs) & Local Area Networks (LANs)) by a margin of 34% to 22%. And, IaaS services invoke greater concern than SaaS applications (33% vs 11%).
Which unauthorized Work From Home (WFH) IT practices are you most concerned about with respect to security?
• Use of personal devices: 34%
• Use of unauthorized cloud IaaS services (e.g., storage, backup, compute workloads, etc.): 33%
• Use of unauthorized local networks (e.g., personal VPNs, home LANs, etc.): 22%
• Use of unauthorized cloud SaaS apps (e.g., videoconferencing, messaging, etc.): 11%
CYBER THREAT CONCERNS
Malware infection is the cloud risk which concerns security professionals the most, followed closely by data loss and credentials compromise. The fact that malware is viewed as a more significant threat than data breaches represents a slight shift from our 2019 cloud security research, indicating a real or perceived increase in the use of the cloud as a malware injection vector.
Which SaaS-related threats are you most concerned about?
• Malware infection of connected devices (via email, websites, applications, plug-ins, etc.): 77%
• Data loss or theft (internal actor; malicious, or accidental due to use of unauthorized software, processes or devices): 72%
• Credentials theft/account compromise: 69%
• Cloud data breaches (external actor): 45%
• Breach of enterprise network via cloud: 35%
SAAS CATEGORY CONCERNS
File sharing and storage services top the list for perceived risks, with three quarters of respondents rating them as their number one security concern, followed by cloud email and instant messaging apps, which more than half of respondents rate as their highest concern.
Which types of SaaS apps are you most concerned about from a security point of view?
• File hosting & transfers (e.g., Dropbox, Google Drive, WeTransfer, etc.): 72%
• Cloud email (e.g., Gmail, Outlook, iCloud, etc.): 57%
• Instant messaging (e.g., Telegram, WhatsApp, WeChat, etc.): 52%
• Communication & collaboration (e.g., Skype, MS Teams, Slack, etc.)
• Videoconferencing (e.g., Zoom, MS Teams, GoToMeeting, etc.)
• Project management (e.g., Trello, Monday.com, Basecamp, etc.)
• Other: 6%
Remaining chart values: 35%, 42%, 23%
OFFICE 365 & GOOGLE G SUITE CONCERNS
Among G-Suite apps, those causing the most security concerns were Google Docs, Google Drive and Gmail. For Microsoft Office 365, the top applications by level of concern were SharePoint, OneDrive and Outlook. As noted previously, file sharing and storage services top the list for perceived risks by service type, followed by cloud email. So, these responses underscore the high concern security managers have about the two categories of applications.
Do you have security concerns about the authorized or unauthorized business use of any of these Office 365 apps?
Do you have security concerns about the authorized or unauthorized business use of any of these Google G Suite apps?
[Chart values: 42%, 27%, 23%, 19%, 34%, 46%, 40%, 38%, 35%, 28%, 43%]
Not concerned about any 41% | Other 6%
Not concerned about any 26% | Other 6%
EXPECTATIONS FOR CLOUD TRAFFIC ANALYSIS
Respondents expect their cloud/SaaS providers to have quite a high level of visibility into their organization’s traffic, with priority given to the extraction of metadata that can be used to detect threats, with intelligence about files, emails, and network authentication and connection processes topping the list. As might be expected, these three types of traffic intelligence play an important role in combatting the three SaaS-related threats respondents said they are most concerned about: malware infection, data loss, and credentials theft.
Which types of traffic analysis do you think cloud/SaaS providers should be using to properly understand and secure customer activities?
77% 71% 70%
64% 68% 52%
• File metadata (for data loss prevention/malware analysis/file reconstruction)
• Email content (link detection & extraction and/or attached file identification for malware analysis)
• Security-specific metadata (e.g., detection of tunneling on protocols such as DNS or ICMP, JA3/JA3S, NTLM and KRB5-related metadata)
• Flow metadata (path and behavior of packets as they traverse the network)
• Service identification (e.g., Skype audio call)
• Application/protocol identification (e.g., Office 365 SharePoint)
General traffic categorization (video, audio, etc.) 36% | Not sure/other 9%
CLOUD/SAAS INVESTMENT STRATEGIES
PLANS FOR SD-WAN
In response to increased SaaS and cloud usage and the shift to home and remote work, and the evolving threat landscape accompanying these changes, slightly more than one-third of network and security managers are planning to deploy a Software-Defined Wide Area Network (SD-WAN) to connect their workers and IT assets and services. Together with those who have already deployed SD-WAN, this means nearly two-thirds of all enterprises will rely on SD-WAN to manage and secure their networks.
Does your organization use an SD-WAN (Software-Defined Wide Area Network) for multi-cloud/multi-site environments?
• Yes: 28%
• Not yet, but planning to: 35%
• No plans for SD-WAN: 20%
• Not sure: 17%
63% have deployed or plan to deploy SD-WAN.
PLANS FOR CLOUD SECURITY SOLUTIONS
In response to new cloud and SaaS challenges, more than half of respondents have deployed or plan to deploy a Web Application Firewall (WAF) and a gateway Firewall-as-a-Service (FWaaS) or Unified Threat Management (UTM) solution. More than 40% also have plans for Domain Name System (DNS)-layer security and Zero Trust Network Access (ZTNA) solutions. This shows an interest in combining defensive and offensive security, with a mix of solutions that can prevent connections to malicious web applications and destinations from ever taking place, that can block malware at the point of entry, or that can at least prevent the lateral movement of any malicious files that have penetrated defenses. Nonetheless, firewalls top the list of defensive strategies.
Which other cloud security solutions are you using, or planning to use, in response to new cloud/SaaS security challenges?
• WAF: 58%
• Conventional/next generation (NG) FWaaS or UTM solution: 56%
• DNS-layer security: 48%
• ZTNA: 42%
• Cloud Access Security Broker (CASB): 38%
• Secure Cloud Gateway (SCG): 32%
None of the above 10% | Other 4%
PLANS FOR SASE
Almost one in five respondents have deployed some type of SASE solution already, and another 25% plan to do so. This is high penetration for a relatively new paradigm defined less than a year ago by Gartner as both a best practice prescription and a reflection of an in-progress industry evolution. It also seems to validate Gartner’s prediction that 40% of enterprises will develop strategies to adopt SASE by 2024. It is a paradigm that aligns with WFH/SaaS trends in that it offers combined networking and security as a cloud service, with the dynamic scaling and provisioning that accompany all SaaS solutions - regardless of where users, data, applications, or devices are located.
Have you deployed a Secure Access Service Edge (SASE)-type solution?
• Yes: 17%
• Not yet, but planning to: 25%
• No plans at this time to subscribe to a SASE solution: 36%
• Not sure: 22%
42% have adopted or plan to adopt SASE.
PLANS FOR NEW ON-PREMISE SOLUTIONS
An overwhelming majority of respondents, 82%, plan to invest in additional on-premise security solutions in response to perceived cloud and SaaS risks. The top three types of solutions planned - endpoint security, next generation firewalls, and intrusion detection and prevention systems - all focus on protection against known threats; however, “endpoint security” plans may include new endpoint detection and response solutions which correlate endpoint and network events to detect unknown threats.
In response to increased external threats from cloud/SaaS usage, do you plan new or additional deployments of solutions like these inside your enterprise perimeter?
54% 50%
• UTM/NGFW
• Endpoint Security Solution
• Intrusion Detection/Prevention (IDS/IPS): 48%
• Data Loss Prevention (DLP)/SSL Proxies: 44%
• Email Security Solution: 42%
• Network Traffic (Behavior) Analysis (NTA): 36%
Network Detection & Response (NDR) (combined NTA & IPS software or appliance) 30% | Enterprise VPN 28% | No new enterprise deployments anticipated within next 2 years 18%
METHODOLOGY & DEMOGRAPHICS
This CISO Cloud/SaaS Security Report is based on the results of a comprehensive online survey of 378 cybersecurity professionals, conducted in September 2020, to gain deep insight into the latest trends, key challenges and solutions for cloud protection. The respondents range from technical executives to managers and IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.
CAREER LEVEL
17% 15% 15% 13% 12% 8% 6% 4% 10%
35% 19% 10% 8% 6% 4% 18%
25% 12% 15%
16% 4%
25% 15% 8%
31% 21% 8% 6% 6% 4% 4%
Director | Vice President | CTO, CIO, CISO, CMO, CFO, COO | Manager/Supervisor | Specialist | Consultant | Administrator | Project Manager | Other
DEPARTMENT
IT Security | IT Operations | Sales/Marketing | Engineering | Security Operations Center (SOC) | Product Management | Other
INDUSTRY
Technology | Financial Services, Banking or Insurance | Healthcare | Retail or Ecommerce | Telecommunications or ISP | Energy or Utilities | Government | Manufacturing | Other
COMPANY SIZE
Less than 100 | 100-499 | 500-999 | 1,000-4,999 | 5,000-9,999 | 10,000 or more
25% 15% 15% 8% 4% 3% 3% 27%
PRIMARY ROLE
IT Manager, Director or CIO | CSO, CISO, or VP of Security | Security Manager or Director | Auditor | Security Analyst | Security Administrator | Threat Analyst | Other
ENEA Qosmos Division
Enea is one of the world’s leading suppliers of innovative software for telecommunication
and cybersecurity. Focus areas are cloud-native, 5G-ready products for data
management, mobile video traffic optimization, edge virtualization, and traffic
intelligence. More than 3 billion people rely on Enea technologies in their daily lives.
The embedded traffic intelligence products provided by Enea classify traffic in real-time
and provide granular information about network activities. The portfolio includes
the Enea Qosmos ixEngine® and the Enea Qosmos Probe. The products support a
wide range of protocols and are delivered as software development kits or standalone
network sensors to network equipment manufacturers, telecom suppliers, and vendors
of cybersecurity software.
For more information visit: www.enea.com