WESTMINSTER, Colo. — Coalfire released a new Securealities research report: “Cloud Security Intelligence Report.”
The report, created in cooperation with Cybersecurity Insiders, provides a detailed look at how organizations are responding to security threats in the cloud. It highlights what is and is not working for security operations teams in securing their cloud data, systems, and services in the cloud shared responsibility model.
A majority of analyst reports show that 90% of enterprises are in the cloud to various degrees (whether public, private, or hybrid deployments). However, this study revealed that 93% of enterprise respondents are still moderately to extremely concerned about cloud security, providing a barrier to a more aggressive embrace of cloud strategies.
“This report clearly indicates that organizations should regularly reassess their cloud security practices and reevaluate whether their deployments are meeting their business objectives,” said Mark Carney, executive vice president of cybersecurity services, Coalfire. “Security strategies must be customized to cloud environments and optimized to ensure companies are extracting the benefits they set out to achieve in their cloud journeys.”
Some other noted highlights of the report include:
- The top cloud security concerns of cybersecurity professionals are data loss and leakage (64%) and data privacy/confidentiality (62%).
- Unauthorized access through misuse of employee credentials and improper access controls, (42%) and insecure interfaces and APIs (42%) are tied for the top spot as the single biggest perceived vulnerability to cloud security. They are followed by misconfiguration of the cloud platform (40%).
- The top two operational security headaches that security operations center (SOC) teams struggle with are compliance (34%) and lack of visibility into infrastructure security (33%).
- The three most commonly mentioned security controls that would increase enterprise confidence in cloud solution security include encryption of data-at-rest (38%), automation of compliance (37%), and alerting on security events (34%).
- Of special concern is the number of organizations that lack visibility to their own security status: 25% of those surveyed reported that they don’t know whether they have been breached.
Overall, many of the concerns expressed by respondents of the study pointed directly to the enterprise’s own responsibilities within the shared responsibility model.
For more information, visit Coalfire.com.