INTELLIGENT BRANDS // Cloud
Cloud usage drives cybersecurity
spending in SANS 2020 Survey
/////////////////////////////
A survey from SANS reveals
that migration to cloud-based
technologies is a key driver for
how organisations plan their
spending increases.
John Pescatore, SANS Director of Emerging
Security Trends
The rapid migration to cloud-based
technologies is the biggest disruptor
worldwide of operations and a
key driver when organisations plan their
spending increases, according to the results
of the latest SANS 2020 Cybersecurity
Spending Survey.
“The SANS survey showed that rapid
movement of corporate services and
business applications to cloud-based
technology is the biggest factor causing
breakage in existing security architectures as
well as driving most new security spending,”
said John Pescatore, SANS Director of
Emerging Security Trends.
“Cloud monitoring and cloud security access
controls were the top two spending areas,
followed by spending to increase security staff
skills to deal with new technologies, such as
the cloud, and to keep up with changes in
regulations as well as new threats.”
Slightly more than 50% of respondents
ranked the increased use of public
cloud Infrastructure-as-a-Service (IaaS)
implementations as the biggest disruptor
to security programmes in the next 12
months. Based on that, 71% of respondents
reported seeing a need to increase spending
on cloud security monitoring, followed by
cloud access security broker cloud-specific
tools (53%), staff skills training (52%) and
strong authentication (46%). Overall, 57%
of respondents feel that out of people,
process and technology, an increased
investment in people would provide the
biggest improvement to their overall security
posture, followed distantly by process (19%)
and technology (18%).
“Managers see increased and refreshed skills
in their existing staff as being significantly
Barbara Filkins, SANS Analyst Program
Research Director
more critical than simply increasing
headcount,” said Barbara Filkins, SANS
Analyst Program Research Director and
author of the report.
“The fact that respondents prioritise
increasing staff skills significantly over
increasing headcount to deal with ‘disruptive
technologies,’ especially when faced with
escalating privacy regulations – and fines
– worldwide, is not surprising. Business
use of IaaS and hybrid cloud requires rearchitecting
security controls and integrating
with CI/CD methodologies.”
In a series of follow-up interviews with
selected survey respondents, security
managers recognise the need for
‘upskilling’ to increase retention rates,
which improves both effectiveness and
efficiency. Increased skills around new
technologies and security techniques is
also required to enable any use of security
automation technologies, which were not
highly cited for spending increases in 2020.
Strong authentication, the fourth most
highly cited area of planned new spending,
points to the recognition that the majority
of damage from breaches and ransomware
attacks in the past year were enabled
by the use of reusable passwords that
were easily captured via phishing attacks.
CEOs and boards of directors are backing
security teams in overcoming obstacles to
implementing multi-factor authentication.
The survey and associated report were
sponsored by ExtraHop, Gigamon and
Netskope, with more than 450 survey
respondents. It was developed by SANS
Research Director, Barbara Filkins, with
advice from John Pescatore, SANS Director
of Emerging Security Trends. The report can
be downloaded from the SANS website. •
www.intelligentcio.com INTELLIGENTCIO 65