Organizations fail to implement basic cloud security tools

Despite 86% of enterprises deploying security tools, only 34% have implemented single sign-on (SSO), a Bitglass report found.

Must-Read Cloud

Bitglass released a report on Tuesday revealing increased cloud adoption in the enterprise, with 86% of organizations having deployed cloud-based tools. Despite this increase, only 34% of companies said they have implemented single sign-on (SSO), one of the most basic but crucial cloud security tools, the report found.

The report, titled A for Adoption: Bitglass’ 2019 Cloud Adoption Report, surveyed 138,000 companies worldwide to determine the overall growth rates and trends in cloud adoptions. Cloud adoption has steadily grown since 2014, but 2019 saw the highest adoption rate yet, according to the report.

SEE: Special report: The cloud v. data center decision (free PDF) (TechRepublic)

More business professionals have adopted the technology, said Lauren Nelson, research director serving infrastructure and operations professionals at Forrester, “because cloud is fast and relatively inexpensive to try (low barrier to adoption), security of public cloud platforms has become very strong, the number of services has exploded (AI, ML, messaging, IoT, database, etc.), and the price wars stabilized.”

Top cloud vendors in the enterprise include Amazon Web Services (AWS), Microsoft, and Google, which give organizations access to rent anything from applications to storage on an as-needed basis, reported ZDNet.

AWS reached new heights in 2019, with the percentage of organizations using AWS increasing to 43% over the past year from 20%. The top five industries using AWS included tech (32%), media (28%), telecommunications (27%), education (26%), and nonprofits (20%), the report found.

Cloud apps take over, but security doesn’t

Applications in the cloud help streamline work and improve communications in the enterprise. The most popular cloud applications include Microsoft Office 365 (79%) and Slack (62%), which experienced significant growth over the past couple of years, rising from 56% and 43% in 2018, respectively. Despite early success in the cloud productivity market, Google’s G Suite (33%) has lost traction, only seeing an 8% increase in adoption between 2018 and 2019, indicating increased competition in the cloud apps market, according to the report.

Cloud app adoption is significant across industries, with the majority of organizations in education (81%), technology (80%), finance (82%) and healthcare (79%) adopting Office 365. While adoption rates were high, adoption of cloud basic cloud security was not, the report found.

One of the most popular cloud security tools is single sign-on (SSO). The report defined SSO as a cloud security tool that organizations use to authenticate users trying to access data within the cloud, referring to SSO as “table stakes when it comes to protecting data in the cloud.”

Despite this tool being one of the most basic in cloud security, organizations across industries fail to adopt. While the majority of companies in education (61%) have implemented SSO, less than half of those in the technology (33%), finance (41%), and healthcare (30%) sectors said the same, the report found.

Large companies, which the report said adopt cloud applications most often, are leading the pack in SSO adoption, with 64% using SSO, while only 45% of medium-sized organizations and 25% of small organizations reported implementing the security solution, according to the report.

“One of the biggest impediments to implementing SSO is that many organizations have large numbers of legacy applications that don’t support modern identity protocols such as SAML, OAuth and OpenID Connect,” said Mary Ruddy, research vice president at Gartner. “Therefore, organizations need to deploy multiple SSO technologies to achieve their SSO goals.”

Regardless of these difficulties, security professionals must learn about cloud security measures, like SSO, and implement them accordingly into their businesses. As cloud functionality becomes more widespread and advanced, security teams must update their understanding of cloud security and stay up-to-date with the latest cloud security strategies, Nelson said.

Nelson also outlined other best practices in cloud security for enterprise users. She suggested organizations “create a map of which stakeholders are responsible for which aspects of cloud security, automate everything you can, provide education and outreach to your security team to build better relationships with business and development teams, and blend both proactive and reactive approaches to security.”

For more, check out Multicloud security: How to secure your cloud infrastructure and keep the hackers at bay on our sister site ZDNet.