As more and more organisations employ cloud security services, C-suites and IT Decision Makers (ITDMs) need to work together to implement the right levels of defence to protect both the business and customer information thatโs stored there.
Our recent global research showed cyber security represents the most significant business challenge to 71% of C-suite respondents. Amongst ITDMs, 72% expect to be targeted by a cyber-attack over the next 12 months. In both groups, confidence in their organisationsโ defences against cyber-attack was very high. It revealed that businesses are increasingly aware of the unpredictable nature of the cyber threats they face and, despite differences, C-suite executives and ITDMs alike are taking increasingly pragmatic and informed choices about how they go about minimising the risks they face.
This is even more important given that into cyber defence shows that almost half (48%) of C-suites will increase their usage of cloud computing services in the next 12-18 months.
Interestingly, the story is different for ITDMs: just under a third (29%) say theyโll cut back on cloud usage, suggesting a disconnect between this group and the C-suite who may lack knowledge when it comes to the current level of cloud services in use throughout their organisation.
[easy-tweet tweet=”Two in five (41%) C-suites say cloud services are a vital part of doing business” hashtags=”Cloud,Business”]
Yet, overall, both groups shared similar beliefs around the utility and risks of cloud computing. Two in five (41%) C-suites say cloud services are a vital part of doing business; a third say theyโre necessary, but theyโd rather not use them, while just under a quarter (24%) think the cloud represents a security risk.
Itโs worth noting that just over a quarter (26%) of ITDMs refused to answer the question on how confident they are that their organisation has the right security controls for cloud services. However, the overwhelming majority of those who did respond are very or fairly confident that their organisation has the right defence strategy in this area: a total of 64% for the C-suite and 85% for ITDMs.
This is likely due to the efforts of cloud service providers, and their scale as organisations. Large cloud computing providers can devote significant resources to securing the delivery of their key products, and this benefit is passed on to small companies that use these services โ businesses that would otherwise never be able to afford these security measures.
However, the risks lie in how, and to what extent, users and their employers secure implementation; a supplier may provide a perfectly secure product, but if employees bypass security in the name of speed or convenience, all the effort in the world from cloud providers will be futile.
[easy-tweet tweet=”Cyber risk has reached the top of the agenda for many directors over the last few years” hashtags=”Cyber,Security “]
Cloud security is paramount and C-suites and ITDMs need to be clear and aligned on the strength of their current defences, and therefore the investments they need to make, to ensure their business and their customers remain secure.
Cyber risk โ and associated worries โ have reached the top of the agenda for many boards of directors over the last few years, and quite rightly so. Cyber security is now a business risk issue like any other. But how different groups within your company perceive this risk is another thing. Whether youโre an IT director or a C-level executive, one thing is clear: you need to do more than talking to each other: you must make yourselves understood.
The divergence of opinions between C-suite and ITDMs when it comes to potential threats, accountability and responsibility creates gaps for attackers to exploit. Such disconnects and communications failures can also create problems in the event of an attack when the time is often of the essence and clarity is important. Itโs vital that organisations work to narrow these gaps in understanding, intelligence and responsibility.
Vice President, Applied Intelligence Strategy
BAE Systems Applied Intelligence
Cyber threats have changed. Warfare has moved online. Shadowy criminal gangs and even nation states look to steal vital secrets and capital using sophisticated technologies. Itโs no longer hobbyist hackers creating mischief.
Kevinโs role at BAE Systems is to work with all of its Applied Intelligence business units and define their 5-year product strategy, to ensure its customers, prospects, partners and industry influencers fully understand the innovative defence solutions that BAE Systems provides.
Prior to joining BAE Systems, Kevin was Vice President Market Strategy of security company Clearswift, and before that Research Director Security Software for IDC. Kevin regularly authors papers on security, cloud and social media covering cyber actors, data protection, regulations and compliance, mobility, and secure omnichannel digitalisation.
Kevin holds an MSc Strategic Markets from the University of Glamorgan.