64% of Indian organisations struggle to integrate user identity and access data into preventive cybersecurity practices
Tenable the Exposure Management company, has published new findings highlighting that the vast majority of Indian cybersecurity and IT leaders (70%) view cloud infrastructure as the greatest source of cyber risk in their organisation. The perceived risks stem from the use of public cloud (36%) and/or multi-cloud (23%) and private cloud infrastructure (10%).
Respondents are particularly worried about the complexity introduced when trying to correlate user and system identities, access, and entitlement data. Within this context, 78% of Indian respondents emphasised the importance of considering user identity and access privileges. However, 64% say their organisations struggle to integrate this crucial data into preventive cybersecurity practices, revealing a gap between recognition and practical implementation.
These findings are part of the Indian edition of “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in India,” based on a commissioned study of 825 IT and cybersecurity professionals including 69 Indian respondents conducted in 2023 by Forrester Consulting on behalf of Tenable. The report outlines the challenges and risks associated with cloud infrastructure.
As well as specific cloud security concerns, the Tenable study highlights that 57% of Indian respondents express that a lack of data hygiene in user data and vulnerability management systems prevents employees from making prioritisation decisions. Additionally, 56% of organisations spend 11 hours or more per month creating security reports for business leaders and 46% of them use multi-tabbed spreadsheets to analyse data from different solutions.
While 28% hold monthly meetings on business-critical systems, 9% of organisations only meet once a year (or less), indicating a need for more consistent strategic discussions on organisational security.
The study also showed that 78% of respondents allocate 25 or more employees to tasks related to deploying, supporting, maintaining, and managing vendor relationships for cybersecurity tools. This underscores the substantial human resources required for effective cybersecurity measures.
“Almost everything in the cloud is one excess privilege or misconfiguration away from exposure,” said Kartik Shahani, country manager at Tenable India. “The intricate cloud landscape prompts organisations to resort to various tools and point solutions to counteract these threats. Unfortunately, this approach drains resources, leading to substantial costs as they grapple with configuring and implementing disparate products. Effectively securing the cloud requires more than just technical proficiency; it demands a nuanced understanding of assets, vulnerabilities, and their alignment with overarching business objectives.”