It’s easy to assume that cloud service providers like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), are fully responsible for every aspect of cloud security. However, one of the biggest threats to cloud security, misconfigurations, is an aspect of the shared responsibility model that ultimately falls into the hands of the user. AWS, explains its shared responsibility model as users being responsible for security IN the cloud, including their data, while AWS is responsible for the security of the cloud – meaning the compute, storage and networks that support the AWS public cloud.
Security professionals are taking notice of the threats that moving workloads to the cloud present and remain concerned about the security of the data, systems, and services in the cloud. In the 2018 Cloud Security Report, a survey of over 570 IT and security professionals published by Cybersecurity Insiders and Crowd Research Partners, misconfiguration jumped to the number one spot this year as the single biggest threat to cloud security (62 percent).
To cope with the security challenges in the cloud, security teams are forced to reassess their security posture, strategies and the inability of most legacy security tools to address modern IT environments. Third parties, like Netskope, can help organizations mitigate these new security risks.
Read the report to learn more.
Key findings from the 2018 Cloud Security Report include:
- Cloud security concerns: While adoption of cloud computing continues to surge, security concerns are showing no signs of abating. Reversing a multi-year downward trend, nine out of ten cybersecurity professionals confirm they are concerned about cloud security, up 11 percentage points from last year’s cloud security survey. The top three cloud security challenges include protecting against data loss and leakage (67%), threats to data privacy (61%), and breaches of confidentiality (53%).
- Biggest threats to cloud security: Misconfiguration of cloud platforms jumped to the number one spot in this year’s survey as the single biggest threat to cloud security (62%). This is followed by unauthorized access through misuse of employee credentials and improper access controls (55%), and insecure interfaces / APIs (50%).
- Cloud Security Headaches: As more workloads move to the cloud, cybersecurity professionals are increasingly realizing the complications to protect these workloads. The top three security control challenges security operations centers (SOCs) are struggling with are visibility into infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
- Legacy security tools limitations in the cloud: Only 16 percent of organizations report that the capabilities of traditional security tools are sufficient to manage security across the cloud, a 6-percentage point drop from the previous survey. Eighty-four percent say traditional security solutions either don’t work at all in cloud environments or have only limited functionality. Cybersecurity professionals are struggling with visibility into cloud infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
- Paths to stronger cloud security: For the second year in a row, training and certification of current IT staff (57%) ranks as the most popular path to meet evolving security needs. Fifty percent of respondents use their cloud provider’s security tools, and 35 percent deploy third-party security software to ensure the proper cloud security controls are implemented.
- Multi-cloud strategy: The growing trend is organizations are leveraging more than one cloud provider for a multitude of reasons, ranging from high availability
(HA), disaster recovery (DR) and multi-vendor sourcing strategy to name a few. Only 30% of respondents have a “single cloud” deployment strategy. Most cloud security leaders now have a multi-cloud strategy, avoiding the limitations of a single-vendor dependency but also requiring them to partner with cloud security providers that can secure data and protect against threats across different cloud providers.