• 70 percent of IT managers consider cybercrime to be the biggest threat to their cloud security
• The increased risk from cyber attacks increases the need for external expertise

Ismaning, December 7, 2022. Most IT managers (70 percent) currently rate cybercrime as the biggest risk to their cloud security. In the past, however, they have been confronted with incidents of another kind. So far, human errors (34 percent), IT compliance violations (32 percent) and availability bottlenecks (31 percent) have been the main challenges. This is the result of a survey conducted by the IT and consulting company msg, in which 250 IT managers in German companies were questioned on the topic of cloud security.

“From the respondents’ perspective, the risks posed by cybercrime will be playing an increasing role in the future,” explains Tomasz Lawicki, cloud security expert of the msg group company m3 management consulting. “We have seen that the number of ransomware attacks has increased significantly in 2022 compared to previous years. Companies are also noticing this increased risk.”

Companies already rely on diversification for cloud security

To best protect cloud infrastructure, Lawicki says companies should diversify security measures as much as possible, across six different areas:

• Identity and access: e.g., implementing single sign-on or multi-factor authentication
• Environmental security: e.g., installing firewalls or identifying and analyzing cyber threats
• Network security: e.g., implementing continuous monitoring and regular handling of vulnerabilities
• Security of data processing: e.g., using container security or confidential computing
• Application security: e.g., using digital certificates or cloud services that securely and centrally store passwords
• Data security: e.g., introducing database encryption or transport encryption

The survey reveals that a large proportion of IT managers already rely on measures in the various areas. Thus, all six levels are used very widely or widely in at least every second company. The "data processing security" level brings up the rear, but at 54 percent, it is still used in more than half of the companies. At the top of the list are measures in the areas of “Identity and access” (62 percent), “Environment security” (61 percent) and “Network security” (60 percent).

The measures implemented to date appear to be working: For example, 94 percent of respondents said they had been satisfied or very satisfied with their cloud protection in the event of risky incidents to date.

Increased challenges require expanded expertise

Some of these measures are being carried out entirely in-house: Almost one in three companies (32 percent) has so far been working in the area of cloud security without external assistance. However, the survey also shows that almost one in four companies is looking to make a change: 23 percent of the respondents stated that they intend to rely on external consulting or change their current service provider in the medium term. "Companies have been solidly positioned in their cloud security up to now, but feel that the requirements are increasing," explains Lawicki. This mainly relates to the increased risk from cybercrime.

But Lawicki also sees other reasons for using external consulting services: “Developments such as the need for a multi-cloud strategy mean that there are more obstacles. Expanded expertise is therefore necessary. While companies can often manage the technical and process levels, the human factor of these change projects is sometimes neglected. This is where external experts in particular can help to close possible gaps.”

About the survey

The data used is based on an online survey conducted by INNOFACT on behalf of msg, in which a total of 250 IT employees and managers of German companies with 50 or more employees took part between September 21 and 23, 2022. The survey was conducted to find out how companies are positioned with regard to their cloud security and which challenges they are confronted with. The survey was conducted on a target group-specific basis and is representative of the respective population aged 18 and over.