2019 Thales Access Management Index Finds Almost Half of Businesses Believe Cloud Apps Make Them Target for Cyber-Attacks
According to new research from Thales, almost half (49%) of businesses believe cloud apps make them a target for cyber-attacks. Surveying 1,050 IT decision makers globally, Thales’ 2019 Access Management Index revealed that cloud applications (49%) are listed in the top three reasons an organization might be attacked, just behind unprotected infrastructures such as IoT devices (54%) and web portals (50%).
With cloud applications now a crucial part of day-to-day business operations, the majority (97%) of IT leaders believe that cloud access management is necessary to continue their cloud adoption. However, despite four in 10 (38%) organizations appointing a CISO due to concerns over data breaches in the past 12 months, and 79% of IT decision makers stating that CISOs are responsible for selecting the solutions their company has in place, just one in 10 (14%) are given the final decision on cloud access management. In fact, companies are more likely to put their faith in a traditional IT role, CIOs (48%) when dealing with this, suggesting a disconnection between the decision-making and implementation surrounding cloud security.
“Thales protects our customers’ business by enabling them to securely access and use cloud applications. The 2019 Thales Access Management Index findings clearly show concerns surrounding cyber-attacks when deploying cloud applications. Trusted access to the cloud is key to our customers’ digital transformation, but without adequate investment in a dedicated CISO office, organizations will lack the leadership required to implement the correct security strategy or solutions to keep them secure in the cloud,” says Tina Stewart, vice president market strategy for cloud protection and licensing activity at Thales.
Breaches bringing changes
Positively, the growing awareness of consumer data breaches has led to organizations taking action; almost all (94%) have changed their security policies around access management in the last 12 months. What’s more, the biggest areas of changes have focused around: staff training on security and access management (52%); increasing spend on access management (45%), and access management becoming a board priority (44%).
Obstacles blocking access management
In spite of the updates to security policies, the majority of IT leaders (95%) believe ineffective cloud access management is still a concern for their organization. In fact, their biggest concerns are its impact on security (48%), IT staffs’ time (44%) and on operational overheads and IT costs (43%). Worse, when it comes to implementing access management solutions, they cited costs (40%), human error (39%) and difficulty integrating them (36%) as the biggest obstacles.
When it comes to cloud solutions, three-quarters (75%) of organizations already rely on access management to secure their external users’ logins to online corporate resources. In particular, two-factor authentication is the most likely (58%) tool to be seen as effective at protecting cloud and web-based apps, followed by smart single sign-on (49%) and biometric authentication (47%).
Stewart concludes: “While organizations are getting to grips with access management solutions, IT and business decision makers must ensure they understand the risks to their cloud solutions in order to implement the relevant ones. These solutions must be perimeter-free, compatible with a zero-trust model and flexible and adaptive in order to make the most of the latest technologies such as Smart SSO. Without effective access management tools in place organizations face a higher risk of breaches, a lack of visibility and incur extra costs from a poorly optimized cloud.”
- IAM Product/ Project Manager
- Upto €80,000 plus benefits
IAM product/project manager is need for this expanding service provider to help develop their IAM (CIAM) strategy roadmap. This role will have two main functions, to work between the front end digital team and the backend IAM development team to ensure that the current deployment of the solution runs smoothly and is fit for purpose, the Second function is to look at the business’ future digital offerings and to understand how the IAM/CIAM solution will develop with the new digital strategy, you will be looking at the future technology and the ensuring the IAM solution is fit for purpose. The business is an agile environment and you will require agile experience. This is a great opportunity to help shape a key product within the future digital strategy of this expanding service provider. We are looking for someone with both IAM and strong product management experience Project management experience would be beneficial. If you are interested speak to Robert Anderton on 0044 (0) 7957 493501 and he will be able to discuss the role in more details IAM product/project manager is needed for this expanding service provider to help develop their IAM (CIAM) strategy roadmap. This role will have two main functions, to work between the front end digital team and the backend IAM development team to ensure that the current deployment of the solution runs smoothly and is fit for purpose, the second function is to look at the business’ future digital offerings and to understand how the IAM/CIAM solution will develop with the new digital strategy, you will be looking at the future technology and the ensuring the IAM solution is fit for purpose. The business is an agile environment and you will require agile experience. This is a great opportunity to help shape a key product within the future digital strategy of this expanding service provider. We are looking for someone with both IAM and strong product management experience Project management experience would be beneficial. If you are interested then speak to Robert Anderton on 0044 (0) 7957 493501 and he will be able to discuss the role in more details
- Cyber Incident Manager, Proactive planning and management. SC
Cyber Incident Manager, Proactive planning and management. Cyber incident Manager needed to join a large and complex business to help them prepare for a cyber related incidents. SC clearance will be required. Current or the ability to achieve. This role does not require specific current hands on technical Incident response experience, but this background would give a distinct advantage. The role has two key functions: to help the business prepare for an event and to steer them through when / if that happens. The Cyber Incident response managers role will include, but not be limited to; working with internal stakeholders to develop a security incident management plan along with its and supporting policies. Developing plans and implementing strategies on how incidents are detected, reported, assessed and responded to. Engaging with leadership teams both internal and external, proactively mapping out this large business to identify and engage the various other stakeholders and their teams. Build out and document incident scenarios and their processes, ensure incident management procedures are updated, playbooks and key training etc. You should have experience working with both internal teams and external suppliers. The role will also focus on liaising with the various teams to ensure the security incident response plan is delivered effectively. CCIM, GCIH, CIPR (NCSC-Certified Cyber Incident Planning & Response) Looking to interview immediately.
- SOC Manager. SC Clearance. Immediate opportunity.
Permanent SOC Manager. SC cleared / clearable, London / Birmingham. SOC Manager needed to replace a SOC contractor I placed into a client who is due to complete their assignment at the end of March. The ability to achieve SC clearance is essential. Looking for someone that is a blend of strategic stakeholder engagement with strong technical skills. The role will sit in a relatively new SOC environment. The position is to setup, implementation and management of resources to help with the initial and on-going stages of a new SOC. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-manager-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
- Security engineer. Financial Services. UK. Permanent
CH7863 Security engineer. End User . Financial Services Security Engineer needed to monitor and manage a security suite of tools within an End User environment. The Security Engiener will be responsible monitoring, configuring, fine tuning, incident management and generally improving the security tool capability. Specific experience with CyberArk, Tripwire Log Center and Tripwire Enterprise is highly desirable). Current experience with Vulnerability management and penetration testing is highly desirable. Specifically the ability to effectively manage 3rd party pen tests. You will be working within a specialist security team reporting to the CISO. Experience working within an end user environment within financial services is highly desirable. Flexible location. This is an exclusive role to DCL Search & Selection. To book a call please use my Calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role-