Security Assessment Cylanda Security Assessment Welcome to the Cylanda Security Assessment. This assessment has been designed to reveal your organization's security posture on cybersecurity threats, investment priorities, solutions for cloud security, threat management, application security, security training and certifications, and more.Please complete this Assessment to the best of your ability and reach out to our staff for guidance if needed. Thank you Company / Organization Name* Participants in the survey (eg. members of the IT dept, Cylanda staff, etc.) Email address (where to send Assessment results)* 1. What security topic(s) are you most familiar with or interested in? (Select all that apply) *Cloud securityMobile security & BYODApplication securityNetwork securityThreat managementData protection and encryptionIdentity and Access ManagementManaged Security ServicesERP SecurityFile SharingSecurity Training and CertificationNoneOther (please specify) 2. How confident are you in your organization’s overall security posture? (Select one)*Extremely confidentVery confidentModerately confidentSlightly confidentNot at all confident 3. How would you rate your organization’s overall security strength (ability to resist cyber threats) in each of the following areas (select on a scale from 1 to 5, with 5 being highest):*12345N/ADatacenter (physical & virtual servers) Cloud infrastructure (IaaS, PaaS) Web applications (custom built)Cloud applications (SaaS)Desktops (PCs)Laptops / notebooksNetwork perimeter / DMZ (web servers)Business Applications (ERP, HR, CRM, SCM, BI) Social media applications (Facebook, Twitter)Mobile devices (smartphones, tablets) 4. How many times do you estimate that your organization has been compromised by a successful cyberattack within the past 12 months?00100 5. How long did it take your organization to recover from a cyberattack (on average)? (Select one)*Within minutesWithin hoursWithin one dayWithin one weekWithin one monthWithin three monthsLonger than three monthsNo ability to recoverI don't knowCannot discloseNot applicable 6. What negative impact have security incidents had on your company in the past 12 months? (Select all that apply)*Reduced revenue / lost businessDisrupted business activitiesReduced employee productivity Increased helpdesk time to repair damage Regulatory finesLawsuit / legal issuesDeployment of IT resources to triage and remediate issueLoss/compromise of intellectual propertyCorporate data loss or theftDon’t know / unsureNoneother 7. What is the likelihood that your organization will become compromised by a successful cyberattack in the next 12 months? (Select one)*Extremely likelyVery likelyModerately likelySlightly likelyNot at all likelyDon't know 8. Please rate your overall concern for each of the following cyberthreats targeting your organization. (Select on a scale of 1 to 5, with 5 being highest)*12345N/AWatering hole attacksHijacking of accounts, services or resourcesPhishing / spear-phishing attacksSSL-encrypted threatsDrive-by downloadsUnauthorized accessDenial of service (DoS/DDoS) attacksZero-day attacks (against publicly unknown vulnerabilities)Malware (viruses, worms, Trojans, ransomware)Web application attacks (buffer overflows, SQL injections, cross-site scripting)Advanced persistent threats (APTs) / targeted attacksMalicious / careless Insiders 9. What types of sensitive data are you most concerned about protecting? (Select all that apply)*EmailCustomer data (e.g. names, contact information, credit card data)Sales & marketing data Employee data (HR, payroll)Contracts, invoices, ordersFinancial corporate dataControlled or privileged government dataIntellectual property (designs, formulas, blueprints)DevOps / development dataHealth informationNoneNot sureother 10. Which of the following barriers inhibit your organization from adequately defending against cyberthreats? (Select all that apply)*Low security awareness among employeesToo much data to analyzeLack of skilled personnelLack of budgetLack of management support / awarenessLack of contextual information from security toolsPoor integration / interoperability between security solutions Lack of collaboration between separate departmentsLack of effective solutions available in the marketInability to justify additional investmentNoneNot sureother 11. If you already have a cybersecurity program in place, is it: (Select all that apply)*In-houseOutsourced / through a managed service No security program in placeDon’t knowother 12. How effective have the following security technologies and controls been at protecting against cyberattacks? (Select on a scale of 1 to 5, with 5 being highest)*0 - not implemented12345Employee usage monitoringAccess controlNetwork encryption (VPN, packet encryption, transport encryption)Data encryptionData leakage preventionSecurity Information and Event Management (SIEM)Content filteringNetwork monitoringIntrusion detection & preventionEndpoint security controlsSingle sign-on / user authenticationTrained cloud security professionalsFirewalls / NACLog management and analyticsDatabase scanning and monitoringBusiness Application and ERP scanning and monitoringMobile device management (MDM)Patch managementAnti-virus / Anti-malwareCyber forensics 13. What privacy regulations and laws does your organization have to comply with? (Select all that apply)*CA SB 1386US PATRIOT ActEUDPDSOXPIPEDABSAHIPAAPCI DSSFISMAGDPRGLBAPrivacy ShieldNIST SP 800-171ISO 27001SOC2We are not subject to any regulationsother 14. How do you plan to handle your evolving security needs in the next 12 months? (Select all that apply)*Use security software from independent software vendor(s)Partner with a managed services provider who will provide the resourcesExpand existing relationship with managed services providerTrain and/or certify existing IT staff to become security expertsDeploy additional security solutions from hardware/software vendorsAdd security staff headcountNo changeNot sureother 15. Considering your organization, how would you rate the overall status of your team’s security readiness? (Select one)*Not a problemSomewhat a problemDefinitely a problemSevere problemNot sure 16. What percentage of your employees would benefit from security training and/or certification for their job?*00100 17. How effective is your current security training program? (Select one)*Very effectiveSomewhat effectiveNeither effective or ineffectiveSomewhat ineffectiveVery ineffectiveNot sure 18. Regardless of whether or not you have these security certifications, how much are these certifications valued by the company/your employer?*0 - Not sure / Not familiar1 - Not at all valued2345 - Extremely valuedCASPCCISOCCSPCEHCGEITCISACISMCISMPCISSPCRISCCSXPGPENGSECNetwork+OSCPSecurity+SSCP 19. Which of the following topic areas would you find most valuable for ongoing training and education to be successful in your current role? (Select the top 3)*Digital forensicsApplication or ERP SecurityRisk-based frameworksOpen source vulnerabilitiesCloud-enabled cybersecurityPIIInternet of ThingsMobile securityIncident responseDevOpsRegulatory complianceSoft skills (leadership, effective teamwork, communicating to persuade/educate)other 20. What are the most important security skills required in your organization? (Select all that apply)*Knowledge of critical (internal) business processesMalware analysis skillsKnowledge of adversaries and campaignsFamiliarity with commercial tools and feedsAbility to write correlation rules to link security eventsReporting/writing skillsIntelligence analysis skillsIncident response skillsKnowledge of normal network and system operations to detect abnormal behaviorsPresentation/oral communications skillsother 21. What forms of training does your organization provide? (Select all that apply)*Online training courses by third party providersHandbooksInternal training for our employeesClassroom training courses by third party providersNo formal training providedother 22. Does your organization provide incentives for security training and certification? (Select one)*YesNoNot sure 23. How is your security budget changing in the next 12 months? (Select one)*IncreaseUnchangedDecreaseNot sure 24. If the budget for your security program will increase, indicate by what percentage?00100 25. What is your organization’s security investment priority in each of the following areas over the next 12 months (Select once choice for each area).*Reduce SpendMaintain SpendIncrease SpendMobile devices (smartphones, tablets)Cloud applications (SaaS)Web applications (custom built)Social media applications (Facebook, Twitter)Datacenter (physical & virtual servers)Training / Education / CertificationLaptops / notebooksCloud infrastructure (IaaS, PaaS)Network perimeter / DMZ (web servers)Desktops (PCs)Managed Security Services (MSSP) 26. What is your organization’s approximate annual IT SECURITY spend as a percentage of overall IT budget (excluding headcount)?*00100 27. Who ultimately determines the security spend in your organization? (Select one)*BoardCEO/PresidentCFOCIOCISOSecurity Leaderother 28. Which types of applications present the highest security risk to your business? (Select all that apply)*Internal-facing web applicationsCustomer-facing web applicationsBusiness Applications (ERP, SCM, MES, HR SRM, etc.)Desktop (client applications)Mobile applicationsDon’t know / unsureother 29. How many unique applications are in your environment? (Select one)*Less than 100101-500501-1,000More than 1,000Don’t know /unsure 30. What are your top 3 application security concerns? *Effective threat modelingSecuring applications we developSecuring commercial off-the-shelf softwareoff-the-shelf software Securing cloud appsSecuring business apps (ERP, etc.)ERP, etc.) Securing mobile appsSecuring open source softwareProtecting dataThreat detection / breach detectionMalwareMeeting customers’ security needs and requirementsMeeting regulatory / compliance requirementsDon’t know / unsureother 31. When was the last time that one of your company’s applications was breached / compromised / attacked? (Select one)*Within the last monthWithin the last yearWithin the last 5 yearsMore than 5 years agoNeverDon’t know / unsure 32. Where do you think your company is in terms of the maturity of your application security strategy? (Select one)*On the cutting edge – We follow a Secure SDLC or framework like OpenSAMM; even trying new approachesMature - We have all of the pieces in placeSomewhat mature - Some aspects not fully developed or deployedJust touching the surface – Some testing of apps before deploymentNot doing anythingDon’t know / unsure 33. What application security testing or monitoring do you have in place currently? (Select all that apply)*Dynamic scanning of production codeIn-house, manual penetration testing teamAutomated scanning of apps in QA or productionWe require our software vendors to secure code before it enters our environmentCode reviewsAutomated source code scanning during developmentWeb application firewall (WAF) in placeOutsourced penetration testingNone of the aboveAutomated binary code scanning during developmentDon’t know / unsureother 34. Which of the following application and data-centric security technologies are currently in use or planned for acquisition (within 12 months) by your organization to guard enterprise applications and associated data repositories against cyberthreats?*Currently in usePlanned for acquisitionNo PlansDatabase activity monitoring (DAM)Web application firewallCloud access security broker (CASB)Application delivery controller (ADC)Application vulnerability scannerFile integrity / activity monitoring (FIM/FAM)Runtime application self-protection (RASP)Data encryptionStatic/dynamic/interacti ve application security testing 35. If you already have an application security program in place, is it: (Select all that apply)*In houseOutsourced / Through a managed serviceNo security program in placeDon’t know / unsureother 36. What are the most important criteria for you when selecting an application security tool or service? (Select up to 3)*AccuracyComprehensiveness of capabilitiesCredibility (Established vendor)SaaS optionEnterprise-class supportEase of integrationEase of useTime required to get the tool up and running in my environmentPricing / licensingScalabilityDon’t know / unsureother 37. What secure development initiatives do you currently employ, if any? (Select all that apply)*A role-based security education programAn established security gate to identify vulnerabilities in releasesRegular security code reviews on all code check-insA process to track the usage and security of third-party or open source codeNone of the aboveDon’t know / unsureother 38. How are you currently monitoring applications for security issues? (Select all that apply)*We use code signing in deployment of our appsWe actively monitor applications running in production to collect and respond to threat intelligenceWe have a feedback loop to share incidents and identified vulnerability information back to our development and design teamsWe use a web application firewall (WAF) to protect our applicationsNone of the aboveDon’t know / unsureother 39. How confident are you in your application security program on a scale of 1 (not confident) to 5 (most confident)? *Very unconfident 1Unconfident 2Somewhat Confident 3Confident 4Very confident 5 40. How is the budget for your application security program changing over the next 12 months? (Select one)*IncreaseDecreaseStay the sameDon’t know / Not sure 41. If the budget for your application security program will increase, indicate by how much. (Select one)*1 to 5%6-10%11-15%16-20%Greater than 20%Not increasingDon’t know / Not sure 42. How many full-time application security and pentesting people do you have in your company? (Select one)*1-1011-2526-5051-100100+NoneDon’t know / unsure 43. What challenges do you face in implementing an application security program? (Select all that apply)*No challengesLack of skillsLack of budgetLack of support/management buy-inLack of human resourcesDon’t know / unsureother 44. Does security slow down continuous development methods like DevOps at your organization? (Select one)*No, security is ignored completely in our DevOps processNo, security is fully integrated with DevOpsYes, security slows down DevOps at my organizationother 45. What Application Security measures are you taking in order to protect your business applications? (Select all that apply)*Static / Dynamic testingNot sureSecurity monitoringWeb Application FirewallsBug Bounty programsDeveloper educationPenetration testingNoneother 46. Do you have a security policy for adoption of third party applications in your organization (supply chain)? (Select one)*Yes, we identify and test all third party softwareYes, we have a policy, but no enforcementNo, we do not have a policy for third party softwareNot sureother 47. What types of applications are most vulnerable to cyberattacks? (Select all that apply)*Cloud applicationsHRSales & Marketing (CRM, marketing automation, etc)Productivity (Office 365, word processing, spreadsheets, etc)Project managementCollaboration & communication (email, messaging)Supply chain managementCloud storage & file sharing apps (DropBox, OneDrive, etc)IT OperationsContent managementWebsiteERP / Enterprise Resource Planning (SAP, EBS, JDE, Peoplesoft)Disaster recovery /storage /archivingCustom business applicationsSocial media (Facebook, LinkedIn, Twitter, etc)Warehouse ManagementMES and Manufacturing managementApplication development & testingFinance & accounting (SAP, Peoplesoft)Business intelligence / analyticsNot sureother 48. Describe your agreement with the following statement: “My organization has invested adequately in technology to monitor activities of users with elevated or privileged access rights.” (Select one)*Strongly agreeSomewhat agreeNeither agree or disagreeSomewhat disagreeStrongly disagree 49. What type of insider threats are you most concerned about? (Select all that apply)*Inadvertent data breach / leak (e.g., careless user causing accidental breach)Negligent data breach (e.g., user willfully ignoring policy, but not malicious)Malicious data breach (e.g., user willfully causing harm)Not sureother 50. What motivations for malicious insider threats are you most concerned about? (Select all that apply)*IP theftFraudSabotageEspionageMonetizing sensitive data (such as credit card or social security numbers)Not sureother 51. What are the top 3 user groups pose the largest security risk to your organization? *Regular employeesOther IT staffContractors / service providers / temporary workersBusiness partnersPrivileged business usersPrivileged IT users /adminsExecutive managersCustomersNot sureNoneother 52. Do you think insider attacks have generally become more frequent over the last 12 months?*YesnoNot sure 53. What do you believe could be the main reasons that insider attacks are on the rise? (Select all that apply)*Data increasingly leaving the network perimeter via mobile devices and Web accessTechnology is becoming more complexIncreasing use of cloud apps and infrastructureMore employees, contractors, partners accessing the networkIncreasing amount of sensitive dataInsufficient data protection strategies or solutionsIncreased public knowledge or visibility of insider threats that were previously undisclosedLack of employee training / awarenessIncreasing number of devices with access to sensitive dataNot sureother 54. How confident are you in your organization’s insider threat security posture? (Select one)*Extremely confidentVery confidentModerately confidentSlightly confidentNot at all confident 55. How difficult is it to detect and prevent insider attacks compared to external cyber attacks? (Select one)*More difficult than detecting and preventing external cyber attacksAbout as difficult as detecting and preventing external cyber attacksLess difficult as detecting and preventing external cyber attacks 56. What makes the detection and prevention of insider attacks increasingly difficult? (Select all that apply)*Difficulty in detecting rogue devices introduced into the network or systemsMore end-user devices capable of theftIncreased use of applications that can leak data (e.g., Web email, DropBox, social media)Migration of sensitive data to the cloud along with adoption of cloud appsInsiders are more sophisticatedIncreased amount of data that leaves protected boundary / perimeterInsiders already have credentialed access to the network and servicesAbsence of an Information Security Governance ProgramNot sureother 57. How prepared is your organization to prevent an insider attack in your organization? (Select from a scale 1-5, with 5 being highest)*115 58. What are the biggest barriers to better insider threat management? (Select up to 3)*Low security awareness among employeesToo much data to analyzeLack of contextual information from security toolsLack of skilled personnelLack of collaboration between separate departmentsLack of effective solutions available in the marketLack of budgetInability to justify additional investmentLack of management support / awarenessPoor integration / interoperability between security solutionsNot sureother 59. How many insider attacks did your organization experience in the last 12 months? (Select one)*None1-56-1011-20More than 20Not sure / Can't disclose 60. What level of visibility do you have into user behavior within core applications? (Select all that apply)*Rely on server logsNot sureNo visibility at allHave deployed user activity monitoringIn-app audit system / featureHave deployed keyloggingother 61. Does your organization leverage analytics to determine insider threats? (Select all that apply)*NoYes – data access and movement analyticsYes – activity management and summary reportsYes – user behavior analyticsYes – predictive analyticsNot sureother 62. How does your organization combat insider threats today? (Select all that apply)*User trainingDatabase Activity MonitoringDeception-based securityBackground checksUser activity monitoringNative security features of underlying OSWe do not use anythingManaged Security Service providerSpecialized 3rd party applications and devicesCustom tools and applications developed in houseInformation Security Governance ProgramSecondary authenticationNot sure / Can't discloseother 63. What are the most effective security tools and tactics to protect against insider attacks? (Select all that apply)*Cloud Access Security Broker (CASB)User MonitoringPassword vaultSensitive and Private Data IdentificationDatabase Activity MonitoringUser behavior anomaly detectionIdentify and access management (IAM)ERP Security monitoringNetwork defences (firewalls)Cloud Security as a serviceMulti-factor authenticationSecurity information and event management (SIEM)Endpoint and mobile securitySegregation of Duties analysis (SOD)Data Loss Prevention (DLP)Encryption of data (at rest, in motion, in use)Intrusion Detection and Prevention (IDS/IPS)Enterprise Digital Rights Management solutions (E-DRM)Deception-based detectionFile Activity MonitoringPolicies & trainingTokenizationSecurity analytics & intelligenceData Access MonitoringNot sureother 64. What aspect(s) of insider threat management does your organization mostly focus on? (Select up to 3)*Analysis & Post Breach Forensics (e.g., SIEM, log analysis, etc.)Deterrence (e.g., access controls, encryption, policies, etc)Detection (e.g., user monitoring, IDS, etc)Deception (e.g., honeypots, etc)Noneother 65. How long would it take your organization to recover from an insider attack, on average? (Select one)*Within minutesWithin hoursWithin one dayWithin one weekWithin one monthWithin three monthLonger than three monthsNo ability to recoverNot sure / Can't disclose 66. Within your organization, how difficult is it to determine the actual damage of an occurred insider threat? (Select one)*Extremely difficultVery difficultModerately difficultSlightly difficultNot at all difficult 67. What would you estimate to be the cost of remediation after an insider attack? (Select one)*<$100K$100 - $500K$500K - $1M$1M - $2M>$2MDon't know / Can't disclose 68. What IT assets do you think are most vulnerable to insider attacks? (Select all that apply)*Cloud infrastructure or applicationsMobile devicesNetworkFile serversEndpointsDatabasesBusiness applicationsNot sureother 69. How important is tracking file movement across your network for your data security strategy? (Select one)*Extremely importantVery importantModerately importantSlightly importantNot at all important 70. What are the most critical threat management capabilities for your organization? (Select all that apply)*Improve threat detectionImprove blocking threatsImprove enforcement of usage policiesAggregate security alertsAutomate incident responseReduce unwanted / unauthorized trafficProactive threat huntingImprove investigating and analyzing threatsNot sureother 71. How many threat intelligence solutions do you utilize as part of your threat detection and response programs? (Select one)None12-55 or moreNot sure / Can't disclose 72. By what percentage do you estimate breaches have been reduced as a result of using threat intelligence solutions? (Select one)UnknownNo Improvement1 to 5 %6 to 10%11 to 25%26 to 50%More than 50% 73. Where does your threat information come from? (Select all that apply)Internal process (from within our own organization using our existing security tools and feeds)Open Source or public CTI feeds (DNS, MalwareDomainList.com)Community or industry groups (such as Open Threat Exchange OTX, ISACs and CERT)Intelligence feeds from security vendorsOther formal and informal groups with a shared interestother 74. Please indicate which threat management platform(s) you use, if any. (Select all that apply)NoneIDS/IPS/UTM/ firewall vendorEndpoint security vendorManaged security services providerNetwork packet broker/ Inline monitoring vendorForensics vendorDeception-based detection vendorCTI service provider“Dark web” monitoring vendorIdentity and Access Management (IAM) vendorApplication security vendor (including whitelisting/blacklisting)Vulnerability management vendorSIEM vendorLog management vendorCTI platform providerNot sure / Can't discloseother 75. What are your top use cases for your cyber threat intelligence feed data? (Select top three)Building custom IDS signatures for malicious trafficProactively hunting for unauthorized network trafficProviding trending data and reports to team and managementBlocking malicious domains or IP addresses at egress points (e.g., firewalls)Proactively hunting for file system indicators at the endpointProactively hunting for registry indicators at the endpointAdding internally generated indicators to commercial indicators to track campaignsExamining DNS server logs for malicious domains or IP addressesAdding context to investigations or compromise assessmentsDownloading malware samples from commercial repositories and reverse engineering to gain additional indicatorsother 76. Which of the following tools are you using to aggregate, analyze and present CTI information? (Select all that apply)Security analytics platform other than SIEMSIEM platformThird-party business intelligence for visualization and reportingIntrusion monitoring platformForensics platformNot sure / Can't discloseCommercial cyber threat intelligence management platformOpen source cyber threat intelligence management platform (CRITS, MISP)Home grown management systemother 77. Which of the following threat intelligence management solutions is your team using? (Select all that apply)Avalanche by FS-ISACModel-based Analysis of Threat Intelligence Sources (MANTIS)Malware Information Sharing Platform (MISP)Trusted automated eXchange of Indicator Information (TAXII)Not sure / Can't discloseCollaborative Research into Threats (CRITS)Noneother 78. Who are the primary consumers of threat intelligence in your organization? (Select all that apply)Security operations center (SOC)Incident response teamRisk and compliance groupsWorkforce in generalLegal departmentExecutive leadership (Board of Directors, C-level staff)IT Security teamMiddle management, business ownersNot sure / Can't discloseother 79. Do you have a dedicated person or team that focuses on threat intelligence? (Select one)We have a formal threat intelligence teamWe have a single person dedicated to threat intelligenceWe outsource these duties to a managed services providerWe have both internal and outsourced resources dedicated to threat intelligenceWe have no dedicated person currently, but we are planning on training members of our security teamNo, but we are looking to outsource these tasksNo, and we have no plans to develop these skills in-house or to outsource themUnknownother 80. Given your current workflow, how many new threat indicators can your incident response or hunt teams effectively utilize on a weekly basis? (Select one)None1–1011–100101–250251–500501–1,0001,001–5,0005,001–10,000Greater than 10,000Not sure / Can't disclose 81. What is the most critical barrier holding your organization back from implementing threat management more effectively? (Select one)Lack of management buy-inLack of visibility into network traffic and other processesLack of confidence in using the information to make decisionsToo many feeds / inability to prioritize the intelligence being receivedLack of trained staff/skillsDifficulty in implementing new security systems/toolsLack of context / feeds don’t provide the information that is neededNoneother 82. What is your job title? (Select one)SpecialistManager / SupervisorConsultantDirectorOwner / CEO / PresidentCTO, CIO, CISO, CMO, CFO, COOVice PresidentProject Managerother 83. What department do you work in? (Select one)IT SecurityIT OperationsEngineeringOperationsComplianceSalesProduct ManagementMarketingLegalFinanceHRother 84. How many years have you been actively involved with information security or cybersecurity? (Select one)0040 85. CERT - What certifications do you hold? (Select all that apply)CASPCCISOCCSPCEHCGEITCISACISMCISMPCISSPCRISCCSXPGPENGSECNetwork+OSCPSecurity+SSCPNoneother 86. How many employees work at your company (worldwide)?Fewer than 1010 – 99100 – 499500 - 9991,000 – 4,9995,000 – 10,000Over 10,000 87. What is the size of your IT security team? (Select one)No dedicated resources12 – 56 – 1011 – 20More than 20 88. How are your security resources sourced? (Select one)Security resources are in-house (employees)Security resources are outsourced (managed service provider)Mix of outsourced / in-houseother 89. What industry is your company in? (Select one)Agriculture, Forestry & MiningComputers & ElectronicsConsumer ServicesEducation & ResearchEnergy & UtilitiesFinancial ServicesGovernmentHealthcare, Pharmaceuticals & BiotechManufacturingMedia & EntertainmentNon-ProfitProfessional ServicesRetailTechnology, Software & InternetTelecommunicationsTransportation & LogisticsTravel, Recreation & LeisureWholesale & DistributionReal Estate & Constructionother 90. Are you involved in any way in the hiring process for information security or cybersecurity personnel in your organization, or not? (Select one)YesNoNot sure 91. If yes: What is your main role in the hiring process for your organization? (Select all that apply)I am a primary decision maker at my company for hiringI am involved in the decision making with others regarding which individuals my companyI help specify the type of candidates needed but am not involved in the hiring processI have no role in the hiring process for my companyother Bonus questions: What are your biggest cloud security headaches? (Select all that apply)*Not sureSetting consistent security policiesComplex cloud to cloud / cloud to on-prem security rule matchingNo automatic discovery / visibility / control to infrastructure securityRemediating threatsAutomatically enforcing of security across multiple datacentersNo flexibilityVisibility into infrastructure securityLack of integration with on-prem security technologiesReporting security threatsSecurity can’t keep up with pace of changes to new / existing applicationsComplianceLack of feature parity with on-prem security solutionCan’t identify misconfiguration quicklyNoneother When moving to the cloud, how do you plan to handle your security needs? (Select all that apply)*Hire staff dedicated to cloud securityLook at different security-as-a-service providers to outsource 24x7 monitoringPartner with a managed services provider who will provide the resourcesTrain and/or certify current IT staffUse security software from independent software vendor(s)Not sureother What types of corporate information do you store in the cloud? (Select all that apply)*Intellectual property (designs, formulas, blueprints)EmailSales & marketing dataCustomer data (e.g. names, contact information, credit card data)Employee data (HR, payroll)Not sureFinancial corporate dataDevOps / development dataContracts, invoices, ordersHealth informationNoneOther (please specify) Which of the following enterprise messaging apps are in use in your organization? (Select all that apply)*YammerSlackMicrosoft TeamsFacebook MessengerNoneother Do you have plans to deploy cloud-based enterprise messaging? (Select one)*This yearNext yearUndecidedNo plans to deploy a cloud messaging app What is the biggest barrier to adopting cloud messaging apps? (Select one)*Compliance requirementsInadequate native security High costFear of lock-inother Please rate your level of concern with compliance issues as they relate to a public cloud. (from 1 to 5 with 5 being the highest level of concern)*12345Auditing and reporting requirementsOrganization vs. provider legal responsibilitiesInability to meet specific requirementsSubmitReset
