Cloud Infrastructure Tops Cyber Risk for Indian Businesses: Tenable Study

Tenable, an Exposure Management company, has released insights underscoring that a majority (70%) of cybersecurity and IT leaders in India consider cloud infrastructure as the primary cyber risk within their organizations. Notably, concerns are associated with the utilization of public cloud (36%), multi-cloud environments (23%), and private cloud infrastructure (10%). These findings shed light on the critical focus required to manage and secure cloud-based systems amid the evolving landscape of cyber threats in the Indian business sector.

Survey participants express heightened concerns about the intricacies involved in correlating user and system identities, access, and entitlement data. Notably, 78% of Indian respondents underscore the significance of incorporating user identity and access privileges into cybersecurity considerations. Paradoxically, 64% acknowledge organizational struggles in integrating this critical data into proactive cybersecurity practices, unveiling a noteworthy disparity between the acknowledgment of importance and the practical challenges of implementation. This gap underscores the need for concerted efforts to bridge the divide between recognizing cybersecurity priorities and effectively translating them into operational strategies.

These results are part of the Indian segment of the report titled "Old Habits Die Hard: How People, Process, and Technology Challenges Are Hurting Cybersecurity Teams in India." The study, commissioned by Tenable and conducted by Forrester Consulting in 2023, involved 825 IT and cybersecurity professionals, including 69 Indian respondents. The report comprehensively addresses the challenges and risks associated with cloud infrastructure, offering valuable insights into the evolving landscape of cybersecurity issues in India.

In addition to specific apprehensions regarding cloud security, the Tenable study underscores that 57% of Indian respondents identify a deficiency in data hygiene within user data and vulnerability management systems, hindering informed decision-making by employees. Furthermore, the study reveals that 56% of organizations dedicate 11 hours or more each month to crafting security reports for business leaders, and 46% resort to using multi-tabbed spreadsheets for analyzing data derived from various solutions. These findings shed light on the challenges surrounding data management practices and the resource-intensive nature of security reporting processes, emphasizing the need for streamlined approaches to enhance data hygiene and reporting efficiency in cybersecurity protocols.

While 28% hold monthly meetings on business-critical systems, 9% of organizations only meet once a year (or less), indicating a need for more consistent strategic discussions on organizational security.

The study reveals that a significant 78% of respondents assign 25 or more employees to handle the deployment, support, maintenance, and management of vendor relationships for cybersecurity tools. This highlights the considerable human resources invested in the intricate tasks associated with maintaining effective cybersecurity measures. The data underscores the workforce commitment needed to navigate the complexities of cybersecurity tool integration, emphasizing the substantial personnel involvement required for robust and comprehensive cybersecurity strategies.

“Almost everything in the cloud is one excess privilege or misconfiguration away from exposure,” said Kartik Shahani, country manager at Tenable India. “The intricate cloud landscape prompts organizations to resort to various tools and point solutions to counteract these threats. Unfortunately, this approach drains resources, leading to substantial costs as they grapple with configuring and implementing disparate products. Effectively securing the cloud requires more than just technical proficiency; it demands a nuanced understanding of assets, vulnerabilities, and their alignment with overarching business objectives.”