Visitors walk by a cloud sign at the Telekom stand at the CeBIT 2017 Technology Trade Fair on March 21, 2017. New research found that half of CISOs surveyed say their organization’s desire for growth and rapid digital transformation has become detrimental to achieving data security in the cloud. (Photo by Alexander Koerner/Getty Images)

Half of CISOs surveyed say their organization’s desire for growth and rapid digital transformation has become detrimental to achieving data security in the cloud, according to new research by Netwrix.

The new report found that the top challenges CISOs have to securing cloud data were lack of IT staff (52%), insufficient budget (47%), and lack of cloud security expertise (44%).  

On an interesting note, employee negligence was cited by 38% of respondents, but only 17% chose malicious actions of insiders as an issue. This finding reflects data found in the study, since only 10% of organizations reported data theft by employees.

The Netwrix team found that these challenges are exacerbated by business demands for speedy digital transformation. One in four respondents who work in an IT department say the executives put pressure on them to drive rapid digital transformation – to the detriment of data security. This problem has become especially critical for CISOs: 48% say that the organization’s desire for growth hinders efforts to ensure data security in the cloud.

Digital transformation often means decentralized purchasing of cloud-based applications, which results in a disparate landscape of best-of-breed software with less oversight from security and IT, said Kevin Dunne, president of Pathlock. Dunne said in some ways, digital transformation has increased risk exposure because these shadow IT assets have grown in number and are often difficult to discover and protect. 

“Organizations should inspire digital transformation with security in mind, by educating stakeholders on the risks associated with these programs,” Dunne said. “Security teams should also work with the system administrators as a liaison to ensure that proper security measures are enforced throughout the enterprise landscape, and centralized security teams need visibility to the most critical applications and sensitive data.”

Douglas Murray, CEO at Valtix added that while organizations have struggled to hire top IT and security talent for several years, the rapid push to the cloud has made the situation even more difficult because there are fewer people who have expertise in these new technologies.  

“This is precisely why cloud-first solutions are so important,” Murray said. “Cloud-first solutions reduce the need to understand all of the individual nuances and differences of cloud and especially multi-cloud. They reduce the talent burden by eliminating all of the manual effort required to forklift on-prem security tools to an environment that they weren’t intended to defend.”