Forrester estimates global cloud services revenue has risen to US$114 billion, up from US$68 billion just two years ago, indicating a 30 per cent annual growth.
This rapid shift to the cloud, however, raises new issues and challenges for security and risk professionals, the analyst firm says in its Cloud Security Solutions Forecast, 2016 To 2021 report.
Enterprises typically have multiple cloud implementations and use multiple cloud service providers. Thus, public, private, and hybrid cloud all coexist, serving different needs and applications.
This complexity creates challenges for cloud security, like monitoring data, detecting anomalies, and intercepting bad behaviours, according to report authors Jennifer Adams and Andras Cser.
The Forrester analysts note traditional security tools can’t effectively monitor data moving to and from the cloud and between cloud platforms.
This can lead to a failure to identify fraudulent use of data in the cloud, unauthorised downloads, and malware in the cloud, they state.
Cloud security systems provide the tools to keep cloud data and applications secure, especially when data moves between cloud workloads and apps.
Thus, Forrester foresees the global cloud security solutions market to grow 28 per cent annually over the next four years, from US$1 billion in 2016 to US$3.5 billion in 2021.
By sector, financial services comprise the biggest market for the cloud security solutions, they state.
Forrester believes financial services will continue to be the largest market segment for these solutions in 2021.
A few years ago, the idea of using these services would have been controversial, and even radical, at most of these companies.
But today, in order to reduce costs and stay competitive, financial services firms are moving their applications and integrating legacy assets into the cloud.
Government agencies, meanwhile, are also among the growing users of the cloud security solutions.
This shift brings not only a proliferation of special, government-specific IaaS data centre zones but also a need for additional security protections, the report states.
“We have seen government use of cloud services tick up over the last few years, and we expect growth in use of cloud security tools to follow.”
Traditional security tools can’t effectively monitor data moving to and from the cloud and between cloud platforms.
Struggling to keep pace with new threats
ISACA, meanwhile, raises concern that new and evolving threats combined with persistent resource challenges are limiting organisations’ abilities to defend against cyber intrusions.
The organisation says 80 per cent of security leaders who participated in its 2017 State of Cyber Security Study believe it is likely their enterprise will experience a cyberattack this year, but many are struggling to keep pace with the threat environment.
Sixty-two per cent of respondents reported experiencing ransomware in 2016 but just over half (53 per cent) have a formal process in place to address it.
This is a concerning number given the significant international impact of the recent WannaCry ransomware attack, says ISACA.
Moreover, fewer than one in three organisations (31 per cent) say they routinely test their security controls, and 13 per cent never test them. Sixteen per cent do not have an incident response plan.
“There is a significant and concerning gap between the threats an organisation faces and its readiness to address those threats in a timely or effective manner,” says Christos Dimitriadis, ISACA board chair and group head of information security at INTRALOT.
“Cyber security professionals face huge demands to secure organisational infrastructure, and teams need to be properly trained, resourced and prepared.”
The ISACA survey finds more organisations are employing a chief information security officer - 65 per cent -up from 50 per cent in 2016.
However, security leaders continue to struggle to fill open cybersecurity positions, and nearly half (48 per cent) of respondents don’t feel comfortable with their cyber team’s ability to address anything beyond simple cybersecurity issues.
Additionally, more than half of respondents say cybersecurity professionals lack an ability to understand the business.
“The rise of CISOs in organisations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” says Dimitriadis.
“But that’s not a cure-all. With the number of malicious attacks increasing, organisations can’t afford a resource slowdown.
“Yet with so many respondents showing a lack of confidence in their team's’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”
Send news tips and comments to firstname.lastname@example.org
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.