INDIA – Oct. 24, 2019 – Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today released a report that uncovers the truth about the state of cloud security among large enterprises in India and across Asia-Pacific, including many cases where perception doesn’t match the reality of professionals who know best.

 

Conducted by Ovum Research, the report shows that large enterprises, defined as those with more than 200 employees, are not prepared for cloud-related cybersecurity threats, and more importantly, make the assumption that public clouds are by default secure. In fact, 72 percent of security decision-makers in large enterprises in India believe that security provided by cloud providers is sufficient to protect them from cloud-based threats.

 

“Organisations need to recognise that cloud security is a shared responsibility,” said Anil Bhasin, regional vice president, India and SAARC at Palo Alto Networks. “While cloud providers are responsible for the security of their infrastructure, the onus is on companies themselves to secure their data and applications stored in that infrastructure.”

 

Large Organisations Have Many Security Tools, but Lack a Unified View of Security

 

Among the companies surveyed in India, nearly half of them (47%) operate with more than 10 security tools within their infrastructure to secure their cloud. However, having numerous security tools creates a fragmented security posture, adding further complexity to managing security in the cloud, especially if the companies are operating in a multi-cloud environment. 

 

The multi-cloud approach creates a dangerous lack of visibility that is prevalent in 50 percent of large organisations surveyed, according to Andrew Milroy, head of advisory services, Asia-Pacific, Ovum. 

 

“The ubiquity of multi-cloud deployments in large organisations calls for a unified view of all cloud-native services. It is ideal for organisations to have a central console that uses technologies such as artificial intelligence to help prevent known and unknown malware threats, and quickly remediate accidental data exposure when it arises,” said Milroy.

 

Large Organisations Lack Cloud Security Audits and Training 

 

The need for automation is further underscored by the study, which revealed that large enterprises do not have enough time and resources to dedicate to cloud security audits and training. 

 

63 percent of Indian organisations have either never conducted a security audit or do not do it on a yearly basis. Furthermore, 19 percent of these audits do not even include cloud assets and 57 percent of organisations conduct internal audits only. Besides audits, there is also inadequate cloud security training for both IT and non-IT staff. About 55 percent of organisations do not provide cybersecurity training to IT security employees on a yearly basis. It is, therefore, not surprising that staff outside of IT departments receive even less training – 71 percent of Indian non-IT professionals do not receive cybersecurity training on a yearly basis. 

 

Despite organisations’ inability to provide more frequent audits and security training for IT teams and employees, it is encouraging to see that 46 percent of the organisations surveyed use threat intelligence and analytics to identify new threats and take necessary action. Some 20 percent of the organisations have also equipped themselves with real-time threat monitoring capabilities. 

 

In order to be truly secure in cloud environments, it is pertinent for organisations in India to be cognisant of cloud security best practices, which include:

 

  • Building security into the cloud environment from the get-go; security should be an enabler to accelerate cloud adoption.

  • Developing consistent security policies across all types of cloud deployments, which can be implemented properly through the help of tools that provide a unified view of all cloud assets and the threats they face. 

  • Allowing for frictionless deployment and easy scalability in multi-cloud environments, bridging the gap between highly controlled security teams and highly agile development teams.

  • Increasing audits and training for employees, both IT and non-IT.

  • Automating threat intelligence with natively integrated, data-driven, analytics-based approaches (leveraging machine learning/artificial intelligence) to avoid human error.

 

Learn More

  • The Asia-Pacific Cloud Security Study ’ report features analysis and best practices that can be implemented to help companies in Asia-Pacific protect themselves from cloud-based threats.



Note to Editors

The survey was conducted amongst 500 respondents from various vertical industries of large businesses with over 200 employees across five countries in Asia-Pacific. There were 100 respondents per country in Australia, China, Hong Kong, India and Singapore.

 

The companies surveyed needed to have 200+ employees and all had to be using public cloud as a minimum. The respondents to the survey ranged from owners to business directors and C-level executives, all of whom had to be either the final decision-maker or influencer when it came to the organisations’ cloud strategy. 

 

For more information on Palo Alto Networks cloud security offerings, visit https://www.paloaltonetworks.com/cloud-security.

 

###

 

About Palo Alto Networks 

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

 

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

 

Media contacts:
Libby Chang
Communications Specialist, Asia Pacific, Palo Alto Networks
+65 9014 9913
libbychang@paloaltonetworks.com

 

Chiranjeeta Borah/ Saloni Singhania
Candour Communications
Ph: (Cell) +91 9818661995/ +91 9833395087
Email: chiranjeeta@candour.co.in / saloni@candour.co.in


Datasheet

Palo Alto Networks Logging Service

Palo Alto Networks® Logging Service introduces a simpler approach, managing valuable security logs while enabling innovative security applications in concert with Palo Alto Networks Application Framework.

  • 164

Article

Corporate Backgrounder

As the next-generation security company, we are committed to maintaining trust in our digital age.

  • 252

Datasheet

PA-5200 Series Specsheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances comprises the PA-5260, the PA-5250 and the PA-5220, which target high-speed data center, internet gateway and service provider deployments. The PA-5200 Series delivers up to 72 Gbps of throughput using dedicated processing and memory for the key functional areas of networking, security, threat prevention and management.

  • 4358

Datasheet

PA-800 Series Specsheet

Palo Alto Networks PA-800 Series next-generation firewall appliances, comprising the PA-820 and PA-850, are designed to secure enterprise branch offices and midsized businesses.

  • 4366

White Paper

Prisma Cloud Threat Protection

The dynamic nature of public cloud environments requires security operations teams to adapt and embrace a new approach to securing the cloud. Threat assessment and mitigation are significantly impacted due to ephemeral cloud environments, decentralized management models, and distributed data across multi-cloud deployments. Threat prevention for the cloud needs to be built around the principles of attack surface reduction through segmentation and prevention controls, advanced threat detection measures built around user, network and host activity monitoring and behavioral baselines, and rapid response through automated remediation.

  • 32

Datasheet

PA-3200 Series

Palo Alto Networks® PA-3200 Series of next-generation firewalls comprises the PA-3260, PA-3250 and PA-3220, all of which are targeted at high-speed internet gateway deployments.

  • 3146