Oracle and KPMG cloud threat report 2020

Addressing security configurations amidst a state of constant change

Laeeq Ahmed

Laeeq Ahmed

Managing Director, GRC Technology, KPMG US

+1 818-227-6032

Brian Jensen

Brian Jensen

Managing Director, GRC Technology, KPMG LLP

+1 817-946-9552

Kyle Kappel

Kyle Kappel

Cyber Security Leader, KPMG US

+1 949-431-7359

Today’s businesses are embarking on sweeping digital transformation (DX) initiatives to fundamentally retool business operations and rethink entire business models through the strategic use of digital technologies such as cloud services, mobile applications, and data analytics. The broad adoption of cloud applications is helping support a surge in remote workers while also creating new opportunities for cyber-criminals to conduct cyber fraud.

In its third edition, the Oracle and KPMG cloud threat report is a joint research project with KPMG and our alliance partner, Oracle, conducted in partnership with the Enterprise Strategy Group. It is a survey of 750 cyber security and IT professionals analyzing cloud adoption trends and the current threat landscape, focusing on how businesses can help close this near-ubiquitous cloud security readiness gap. 


Key findings


Three quarters of survey respondents feel the cloud is more secure than their data center.

Ninety-two percent of respondents say they have a cloud security readiness gap.


Eighty-eight percent of respondents expect all workloads will be autonomously updated within three years.


Cloud adoption continues to expand. Digital transformation, cloud-first initiatives, and a bullish level of confidence in the security of public clouds is driving an expanded use of cloud services.

Cyber fraud takes center stage. The threat landscape is evolving, with tried and true phishing attacks leading to an increase in cyber business fraud and compromised privileged cloud credentials.

Retooling for the cloud starts with people and process. DevSecOps, integrating cyber security into DevOps processes, offers the means to automate cloud configuration management best practices and narrow the cloud security readiness gap.

Many are betting on machine learning (ML).  Machine learning, as an implementation of artificial intelligence, has become a foundational cyber security technology, which many organizations now view as a must-have technology.

Culture is the catalyst to close the readiness gap. Security has all too often been viewed as a tax on the business and awkwardly but quite literally bolted on to projects already in production. The alarming cloud security readiness gap exposed in this year’s report reveals that today’s line-of-business-driven consumption of cloud services threatens to leave security considerations even further behind.


Additional insights

This year’s report is the first in a 5-part series, with follow-on reports offering insights into research findings on central cloud security topics.