2020 THE CISO CLOUD/SAAS SECURITY REPORT


2020 THE CISO CLOUD/SAAS SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 2

EXECUTIVE SUMMARY

The number of employees working from home or other remote locations has skyrocketed, and for many, the change is likely to become permanent on a part-time — if not full-time — basis. This massive shift has led to a rise in the use of cloud applications and services, along with an increase in risky behaviors and a further blurring of the lines between personal and corporate IT resources.

In light of this evolution, what types of cloud usage and cyber threats are network security managers most concerned about? Which cloud services inspire their confidence, and which cause concern? What changes in security solutions and strategies are they planning to address these concerns?

To find the answers to these questions, we conducted a survey of Cybersecurity Insiders’ 400,000-member information security community.

For a panel discussion about options and strategies for addressing the needs and concerns raised in this survey, we invite you to watch our webinar “What You Need to Know about CISO Cloud/SaaS Concerns & Plans”.

Many thanks to Enea Qosmos for supporting this important research project.

We hope you find the information shared by respondents useful in assessing and honing your own cybersecurity strategies, and we hope that you enjoy reading the report.

Thank you,

Holger Schulze
CEO and Founder
Cybersecurity Insiders


KEY FINDINGS

FINDING 1:

WFH Practices: The business use of personal devices is the working from home (WFH) practice seen as carrying the greatest security risk, followed closely by the use of Infrastructure as a Service (IaaS).

FINDING 2:

Cyber Threats: Malware infections and data loss are the top cloud/Software as a Service (SaaS) cyber threat concerns, cited as a top concern by 77% and 72% of respondents respectively.

FINDING 3:

Attack Vectors: File sharing and hosting services (72%) and cloud email (57%) are perceived as the top cloud/SaaS attack vectors.

FINDING 4:

Investment Plans: In response to cloud/SaaS concerns, security spending is expected to increase:

• 90% of respondents report plans for new investments in cloud-based security components as well as comprehensive solutions like Software-Defined Wide Area Network (SD-WAN) and Secure Access Service Edge (SASE).

• 82% report plans for new investments in on-premise solutions (e.g., endpoint security and next generation firewalls).


CLOUD/SAAS CHALLENGES


CLOUD SECURITY CONCERNS REMAIN HIGH

An overwhelming majority of survey participants are concerned about public cloud security, with more than half reporting they are “very” to “extremely” concerned. This aligns with findings from prior Cybersecurity Insiders surveys, indicating that concern about cloud security remains stubbornly high.

How concerned are you about security risks associated with the increased use of public clouds?

94%: Organizations are extremely to moderately concerned about cloud security.

[Chart: five response levels (Extremely concerned, Very concerned, Moderately concerned, Slightly concerned, Not at all concerned); percentages shown: 41%, 1%, 5%, 22%, 31%.]


WFH PRACTICE CONCERNS

The use of personal devices for work is the WFH practice that most concerns security professionals, followed very closely by the use of IaaS solutions. In comparing similar domains, the use of personal devices is of greater concern than personal networking solutions (e.g., Virtual Private Networks (VPNs) & Local Area Networks (LANs)) by a margin of 34% to 22%. And, IaaS services invoke greater concern than SaaS applications (33% vs 11%).

Which unauthorized Work From Home (WFH) IT practices are you most concerned about with respect to security?

• Use of personal devices: 34%
• Use of unauthorized cloud IaaS services (e.g., storage, backup, compute workloads, etc.): 33%
• Use of unauthorized local networks (e.g., personal VPNs, home LANs, etc.): 22%
• Use of unauthorized cloud SaaS apps (e.g., videoconferencing, messaging, etc.): 11%


CYBER THREAT CONCERNS

Malware infection is the cloud risk which concerns security professionals the most, followed closely by data loss and credentials compromise. The fact that malware is viewed as a more significant threat than data breaches represents a slight shift from our 2019 cloud security research, indicating a real or perceived increase in the use of the cloud as a malware injection vector.

Which SaaS-related threats are you most concerned about?

• Malware infection of connected devices (via email, websites, applications, plug-ins, etc.): 77%
• Data loss or theft (internal actor; malicious, or accidental due to use of unauthorized software, processes or devices): 72%
• Credentials theft/account compromise: 69%
• Cloud data breaches (external actor): 45%
• Breach of enterprise network via cloud: 35%


SAAS CATEGORY CONCERNS

File sharing and storage services top the list for perceived risks, with three quarters of respondents rating them as their number one security concern, followed by cloud email and instant messaging apps, which more than half of respondents rate as their highest concern.

Which types of SaaS apps are you most concerned about from a security point of view?

• File hosting & transfers (e.g., Dropbox, Google Drive, WeTransfer, etc.): 72%
• Cloud email (e.g., Gmail, Outlook, iCloud, etc.): 57%
• Instant messaging (e.g., Telegram, WhatsApp, WeChat, etc.): 52%
• Other: 6%

Also charted (values shown: 35%, 42%, 23%): Communication & collaboration (e.g., Skype, MS Teams, Slack, etc.); Videoconferencing (e.g., Zoom, MS Teams, GoToMeeting, etc.); Project management (e.g., Trello, Monday.com, Basecamp, etc.).


OFFICE 365 & GOOGLE G SUITE CONCERNS

Among G-Suite apps, those causing the most security concerns were Google Docs, Google Drive and Gmail. For Microsoft Office 365, the top applications by level of concern were SharePoint, OneDrive and Outlook. As noted previously, file sharing and storage services top the list for perceived risks by service type, followed by cloud email. So, these responses underscore the high concern security managers have about the two categories of applications.

Do you have security concerns about the authorized or unauthorized business use of any of these Office 365 apps?

Do you have security concerns about the authorized or unauthorized business use of any of these Google G Suite apps?

[Two charts, one per question: percentage of respondents concerned about each app.]

Not concerned about any 41% | Other 6%
Not concerned about any 26% | Other 6%


EXPECTATIONS FOR CLOUD TRAFFIC ANALYSIS

Respondents expect their cloud/SaaS providers to have quite a high level of visibility into their organization’s traffic, with priority given to the extraction of metadata that can be used to detect threats, with intelligence about files, emails, and network authentication and connection processes topping the list. As might be expected, these three types of traffic intelligence play an important role in combatting the three SaaS-related threats respondents said they are most concerned about: malware infection, data loss, and credentials theft.

Which types of traffic analysis do you think cloud/SaaS providers should be using to properly understand and secure customer activities?

• File metadata (for data loss prevention/malware analysis/file reconstruction): 77%
• Email content (link detection & extraction and/or attached file identification for malware analysis): 71%
• Security-specific metadata (e.g., detection of tunneling on protocols such as DNS or ICMP, JA3/JA3S, NTLM and KRB5-related metadata): 70%

Also charted (values shown: 64%, 68%, 52%): Flow metadata (path and behavior of packets as they traverse the network); Service identification (e.g., Skype audio call); Application/protocol identification (e.g., Office 365 SharePoint).

General traffic categorization (video, audio, etc.) 36% | Not sure/other 9%


CLOUD/SAAS INVESTMENT STRATEGIES


PLANS FOR SD-WAN

In response to increased SaaS and cloud usage and the shift to home and remote work, and the evolving threat landscape accompanying these changes, slightly more than one-third of network and security managers are planning to deploy a Software-Defined Wide Area Network (SD-WAN) to connect their workers and IT assets and services. Together with those who have already deployed SD-WAN, this means nearly two-thirds of all enterprises will rely on SD-WAN to manage and secure their networks.

Does your organization use an SD-WAN (Software-Defined Wide Area Network) for multi-cloud/multi-site environments?

Yes 28% | Not yet, but planning to 35% | No plans for SD-WAN 20% | Not sure 17%

63% have deployed or plan to deploy SD-WAN.


PLANS FOR CLOUD SECURITY SOLUTIONS

In response to new cloud and SaaS challenges, more than half of respondents have deployed or plan to deploy a Web Application Firewall (WAF) and a gateway Firewall-as-a-Service (FWaaS) or Unified Threat Management (UTM) solution. More than 40% also have plans for Domain Name System (DNS)-layer security and Zero Trust Network Access (ZTNA) solutions. This shows an interest in combining defensive and offensive security, with a mix of solutions that can prevent connections to malicious web applications and destinations from ever taking place, that can block malware at the point of entry, or that can at least prevent the lateral movement of any malicious files that have penetrated defenses. Nonetheless, firewalls top the list of defensive strategies.

Which other cloud security solutions are you using, or planning to use, in response to new cloud/SaaS security challenges?

• WAF: 58%
• Conventional/next generation (NG) FWaaS or UTM solution: 56%
• DNS-layer security: 48%

Also charted (values shown: 38%, 42%, 32%): ZTNA; Cloud Access Security Broker (CASB); Secure Cloud Gateway (SCG).

None of the above 10% | Other 4%


PLANS FOR SASE

Almost one in five respondents have deployed some type of SASE solution already, and another 25% plan to do so. This is high penetration for a relatively new paradigm defined less than a year ago by Gartner as both a best practice prescription and a reflection of an in-progress industry evolution. It also seems to validate Gartner’s prediction that 40% of enterprises will develop strategies to adopt SASE by 2024. It is a paradigm that aligns with WFH/SaaS trends in that it offers combined networking and security as a cloud service, with the dynamic scaling and provisioning that accompany all SaaS solutions - regardless of where users, data, applications, or devices are located.

Have you deployed a Secure Access Service Edge (SASE)-type solution?

Yes 17% | Not yet, but planning to 25% | No plans at this time to subscribe to a SASE solution 36% | Not sure 22%

42% have adopted or plan to adopt SASE.


PLANS FOR NEW ON-PREMISE SOLUTIONS

An overwhelming majority of respondents, 82%, plan to invest in additional on-premise security solutions in response to perceived cloud and SaaS risks. The top three types of solutions planned - endpoint security, next generation firewalls, and intrusion detection and prevention systems - all focus on protection against known threats; however, “endpoint security” plans may include new endpoint detection and response solutions which correlate endpoint and network events to detect unknown threats.

In response to increased external threats from cloud/SaaS usage, do you plan new or additional deployments of solutions like these inside your enterprise perimeter?

Charted solutions: UTM/NGFW; Endpoint Security Solution; Intrusion Detection/Prevention (IDS/IPS); Data Loss Prevention (DLP)/SSL Proxies; Email Security Solution; Network Traffic (Behavior) Analysis (NTA). Values shown: 54%, 50%, 48%, 44%, 42%, 36%.

Network Detection & Response (NDR) (combined NTA & IPS software or appliance) 30% | Enterprise VPN 28% | No new enterprise deployments anticipated within next 2 years 18%


METHODOLOGY & DEMOGRAPHICS

This CISO Cloud/SaaS Security Report is based on the results of a comprehensive online survey of 378 cybersecurity professionals, conducted in September 2020, to gain deep insight into the latest trends, key challenges and solutions for cloud protection. The respondents range from technical executives to managers and IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.

CAREER LEVEL

Director 17% | Vice President 15% | CTO, CIO, CISO, CMO, CFO, COO 15% | Manager/Supervisor 13% | Specialist 12% | Consultant 8% | Administrator 6% | Project Manager 4% | Other 10%

DEPARTMENT

IT Security 35% | IT Operations 19% | Sales/Marketing 10% | Engineering 8% | Security Operations Center (SOC) 6% | Product Management 4% | Other 18%

INDUSTRY

Technology | Financial Services, Banking or Insurance | Healthcare | Retail or Ecommerce | Telecommunications or ISP | Energy or Utilities | Government | Manufacturing | Other

COMPANY SIZE

Less than 100 | 100-499 | 500-999 | 1,000-4,999 | 5,000-9,999 | 10,000 or more

[Chart values for INDUSTRY and COMPANY SIZE as shown: 31% 21% 8% 6% 6% 4% 4%; 25% 12% 15% 16% 4% 25% 15% 8%]

PRIMARY ROLE

IT Manager, Director or CIO 25% | CSO, CISO, or VP of Security 15% | Security Manager or Director 15% | Auditor 8% | Security Analyst 4% | Security Administrator 3% | Threat Analyst 3% | Other 27%


ENEA Qosmos Division

Enea is one of the world’s leading suppliers of innovative software for telecommunication and cybersecurity. Focus areas are cloud-native, 5G-ready products for data management, mobile video traffic optimization, edge virtualization, and traffic intelligence. More than 3 billion people rely on Enea technologies in their daily lives.

The embedded traffic intelligence products provided by Enea classify traffic in real-time and provide granular information about network activities. The portfolio includes the Enea Qosmos ixEngine® and the Enea Qosmos Probe. The products support a wide range of protocols and are delivered as software development kits or standalone network sensors to network equipment manufacturers, telecom suppliers, and vendors of cybersecurity software.

For more information visit: www.enea.com