Cloud usage is surging, but single sign-on security isn’t keeping up

Businesses are lapping up cloud services at a furious pace but two-thirds of them are failing to implement single sign-on (SSO) security tools, according to new research that reinforces the need for cybersecurity controls to moderate business enthusiasm about the cloud.

The figures, contained within the recent Bitglass Cloud Adoption 2018 War study, reflect an automated analysis of more than 135,000 corporate email domains that found 81 percent of corporate users globally – and 84 percent amongst ANZ companies – embracing cloud productivity platforms.

Microsoft Office 365 was leading the charge, with 56.3 percent of domains using the service in 2018 – up from 34.3 percent in 2016 and 7.7 percent in 2014.

Amazon Web Services (AWS) usage also registered significant penetration, with 21.5 percent of technology companies, 19.7 percent of education organisations, 15.3 percent of media companies and 13.3 percent of agriculture interests embracing the cloud platform.

Just 11.6 percent of finance companies and 9 percent of retail providers were using AWS – below the worldwide average of 13.8 percent.

Interestingly, ANZ companies were well ahead of the global average when it came to AWS adoption, with 22 percent of local companies using the platform as the basis of their infrastructure as a service (IaaS) efforts.

Despite the prevalence of cloud services, adoption of SSO – which enables management of diverse cloud services underneath a consistent policy umbrella – followed a different trajectory that favoured a few industries.

SSO was, for example, in use at 40.3 percent of education providers, 31.8 percent of government organisations, and 29.3 percent of finance companies, with the lowest adoption amongst engineering firms (11.2 percent) and consulting companies (17.4 percent).

Low cloud penetration and high SSO usage of the finance sector seems to reflect that industry’s conservatism around cloud adoption and higher awareness of security. Yet banks tend to be large organisations, and the study also found a correlation between the size of companies and their adoption of SSO – which was identified in 44.1 percent of firms with more than 1000 employees but just 17.9 percent of companies with under 500 staff.

“Cloud adoption is showing no signs of slowing down in Australia and New Zealand, with SaaS productivity platforms like Office 365 now deployed in a majority of organisations in region,” said Asia Pacific vice president of sales David Shephard in a statement.

“Unfortunately, businesses still lack basic security functionality like single sign-on. The cloud-first enterprise can no longer afford to forego cloud-first security solutions.”

The analysis is broadly in line with the results of the recent Ixia 2018 Security Report, which warned that “the evolution of security practices is trailing behind mainstream adoption of cloud resources”.

Fully 90 percent of IT professionals are concerned about data and applications security in the cloud, according to a recent Ixia Research survey that found 88 percent had experienced negative outcomes from a lack of cloud visibility.

Reported issues included delays troubleshooting application performance issues (reported by 50 percent of respondents) and network performance issues (49 percent); an application outage (38 percent); delays in resolving security alerts (37 percent); a network outage (36 percent); or completely missing a security threat or attack, which had happened in 26 percent of surveyed companies.

Given the results of the Bitglass analysis, it’s little surprise that Ixia survey respondents named securing data and applications was rated as the top priority amongst Ixia respondents, cited by 43 percent; satisfying compliance requirements was cited by 35 percent.

“In some organisations, the pressure to achieve cost advantages and speed associated with cloud deployments... can divert attention away from the basics of security enforcement,” the report noted. “Persistent, multi-layered security is the best way to defend enterprises against security breaches, data loss, and business disruption.”

Copyright © 2018 IDG Communications, Inc.

The 10 most powerful cybersecurity companies