Missed our recent webinar? There’s an on-demand recording available for our “The State of Enterprise Cloud Security: The Good, The Bad, The Ugly” webinar.
On April 20, we hosted a webinar with Eric Kedrosky, Director of Cloud Security Research and CISO of Sonrai Security, and Michael Osterman, Principal Analyst at Osterman Research. This webinar serves as a follow-up to a recently released research report by Osterman Research. While the survey shines a light on executives’ decisions in cloud security, its primary purpose is to dig deep into the top concerns organizations face. Here we break down some key takeaways from the webinar.
Almost One-third of US Companies Under-Resourcing Cloud Security Despite Escalating Risks
“The State of Enterprise Cloud Security: The Good, The Bad, And The Ugly” is a report based on a recent survey of enterprises conducted by Osterman Research. The survey clearly illustrates that spending on cloud services is high, with more than half of respondents having spent more than $10 million and 11% having spent more than $100 million in the last three years. Security preparedness, by contrast, is low, with almost one-third (32%) saying they are doing less than they need to, or nothing at all, to ensure the security of their cloud resources. The survey also revealed what enterprises see as the key contributors to cloud breaches.
“Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32% of those surveyed are not actively working to solve these challenges,” said Mike Osterman, Founder, President and Principal Analyst, Osterman Research. “This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained, and budget-constrained, which results in the inability to address all of their vulnerabilities and risks. Even for those that do have the budget available, poor risk decisions can further complicate cloud security.”
Cloud Misconfiguration Continues to be a Growing Problem
Cloud misconfiguration also stood out as a leading cause of breaches, with 37% of respondents saying that misconfigurations had increased significantly in the last 12 months. As for why they occur, 53% cited the complexity of their cloud environments, followed by lack of education and training (45%), too few IT and security staff members (43%), and unexplained human error (29%). The concern is both timely and well-supported, with a recent report from Gartner Research estimating that “By 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.”
Additional Causes of Data Breaches in the Public Cloud
In addition to outside hackers and insider threats, the most common, and often overlooked, causes of data breaches include:
- Overprivileged Identities: Identities with significantly more privileges and access than are required to carry out the duties assigned to them introduce a significant risk to the cloud.
- Human Error: Human mistakes will happen, and at times they will not be deliberate, but these errors can still wreak havoc in an organization. One example we commonly see is an employee who takes shortcuts, leaving sensitive data in locations where it is not adequately protected.
- Unauthorized Access: Due to the complex nature of cloud environments, having visibility into which identities have access to data and resources is increasingly difficult. Organizations need to secure all crown jewel data and enforce policies to prevent unauthorized access to the cloud environment.