While cloud service providers like Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure have continued to expand their service offerings to protect their evolving assets, it’s still your responsibility to secure your data within these cloud environments. As your responsibility lies in providing security in the cloud vs. the cloud provider’s role of providing security of the cloud, it’s imperative to see, understand, and adhere to the best practices in securing your data across your public cloud/multi-cloud environments.
Per the 2019 Cloud Security report by Cybersecurity Insiders, 350+ security professionals in North America provided their input on what is and is not working in securing their cloud data, systems and services. The results are a continuation of past challenges and tribulations. Insecure interfaces / APIs jumped to the top of the list as the number one threat, as indicated by 57% of SecOps teams. Misconfiguration takes the number two spot this year as the biggest threat to cloud security with 46%. Lastly, unauthorized access came in as the third threat with 34% stating so. To address these cloud security challenges, security teams must reassess their security posture strategies and address the inability of most legacy security tools to protect modern IT environments.
While the 2019 report includes many points of interest, here are some of the key findings:
- Cloud security concerns: The top two cloud security challenges highlighted by cybersecurity professionals in our survey are data privacy (52%) and protecting against data loss and leakage (51%). This is followed by fraud (32%), concerns about accidental exposure of credentials (30%), and performance issues (29%). This echoes last year’s results but with higher numbers.
- Cloud security headaches: As workloads continue to move to the cloud, cybersecurity professionals increasingly realize the complications in protecting these workloads. The top two security headaches Security Operations teams face are compliance (45%) and the lack of qualified security staff (44%) – a perennial challenge. Setting consistent security policies across cloud and on-premise environments (36%) is tied with lack of visibility into infrastructure security (36%). The order of these results differ from last year’s report but reflect the same basic problems: lack of visibility, compliance adherence, and consistent policy enforcement.
- Barriers to cloud adoption: Despite all of its benefits, cloud computing is still not without its challenges. Lack of qualified staff continues to top the list of barriers to faster cloud adoption (38%), remaining at the top spot as last year. Legal and regulatory compliance barriers (30%) and integration with existing IT environments (27%) round out the top three barriers. Multi-cloud strategy: 47% of respondents indicated that they are leveraging more than one cloud provider for a multitude of reasons, including high availability, disaster recovery, and multi-vendor sourcing efficiencies and risk mitigation. This is a significant boost of 17% over the 2018 results.
- Cloud Security Priorities: Organizations focus on malware defense (30%), reaching regulatory compliance (15%), and securing major cloud apps (14%) as their number one cloud security priorities this year.
These results are both encouraging and disappointing in that there is progress in some areas (i.e. reduced unauthorized access, less concern on staff expertise) while increased problems in others (i.e. increased multi-cloud deployments). The opportunity to help these SecOps teams continues to be significant and third-party vendors like Netskope can help them identify and mitigate these security risks.