Published : 04.22.2021
Last Updated : 06.01.2022
Missed our recent webinar? There’s an on-demand recording available for our “The State of Enterprise Cloud Security: The Good, The Bad, The Ugly” webinar.
On April 20, we hosted a webinar with Eric Kedrosky, Director of Cloud Security Research and CISO of Sonrai Security, and Michael Osterman, Principal Analyst at Osterman Research. This webinar serves as a follow-up to a recently released research report conducted by Osterman Research. While the survey shines a light on executives’ decisions in cloud security, its primary purpose is to dig deep into the top concerns organizations face. Here we break down some key takeaways from the webinar.
“The State of Enterprise Cloud Security: The Good, The Bad, And The Ugly,” is a report based on a recent survey of enterprises conducted by Osterman Research. The survey clearly illustrates that while spending on cloud services is high, with more than half of respondents have spent more than $10 million and 11% have spent more than $100 million in the last three years, security preparedness is low, with almost one-third (32%) saying they are doing less than they need to, or nothing at all, to ensure the security of their cloud resources. It also revealed what enterprises see as the key contributors to cloud breaches.
“Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32% of those surveyed are not actively working to solve these challenges,” said Mike Osterman, Founder, President and Principal Analyst, Osterman Research. “This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained, and budget-constrained, which results in the inability to address all of their vulnerabilities and risks. Even for those that do have the budget available, poor risk decisions can further complicate cloud security.”
Cloud misconfiguration also stood out as a leading cause of breaches, with 37% of respondents saying that they had increased significantly in the last 12 months. Regarding the reasons they occur, 53% cited the complexity of their cloud environments, followed by lack of education and training (45%), too few IT and security staff members (43%), and unexplained human error (29%). The concern is both timely and well-supported, with a recent report from Gartner Research estimating that “By 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.”
In addition to outside hackers and insider threats, the most common, and often overlooked, causes of data breaches include: