New survey “The State of Enterprise Cloud Security: The Good, The Bad, And The Ugly” exposes massive holes in public cloud security strategies due to complexity and budgetary constraints
NEW YORK — April 13, 2021 — Sonrai Security, the leader in identity and data security for public cloud, today announced the availability of “The State of Enterprise Cloud Security: The Good, The Bad, And The Ugly,” a look at cloud security trends based on a recent survey of enterprises conducted by Osterman Research. The survey clearly illustrates that while spending on cloud services is high, with more than half of respondents having spent more than $10 million and 11% having spent more than $100 million in the last three years, security preparedness is low, with almost one-third (32%) saying they are doing less than they need to, or nothing at all, to ensure security of their cloud resources. It also revealed what enterprises see as the key contributors to cloud breaches — many related to identity and misconfiguration.
Osterman Research on Cloud Security Trends
“Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32% of those surveyed are not actively working to solve these challenges,” said Mike Osterman, Founder, President and Principal Analyst, Osterman Research. “This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained and budget-constrained, which results in the inability to address all of their vulnerabilities and risks. Even for those that do have budget available, poor risk decisions can further complicate cloud security.”
Identity a Key Threat Vector
Respondents reported having an average of 7,750 identities with access to sensitive cloud data, an estimate that production deployments of Sonrai Dig suggest is exceedingly low.
“Typically when we hear company executives estimate the number of identities on their cloud, they are talking about people that they have given access to data,” said Sonrai Security’s CISO Eric Kedrosky. “When considering the cloud, companies really need to focus on non-people identities — roles, service principals, serverless functions and other ‘things’ — that are given roles with access to sensitive data. These things, for which access often gets elevated unnecessarily or persists long after it should, outnumber people identities by hundreds or even thousands to one, and are the most critical threat vector in the cloud today.”
The survey illustrated that security leaders do have an appreciation for this dynamic, despite many being unable to address it. When ranking the severity of several types of threats, “overprivileged identities” were ranked a “high risk” by 41% of respondents, just below “bad actors/cybercriminals” at 46%, “lack of visibility/hidden risk” at 44%, and “data loss” at 43%.
Cloud Misconfiguration a Growing Problem
Cloud misconfiguration also stood out as a leading cause of breaches, with 37% of respondents saying that they had increased significantly in the last 12 months. Regarding the reasons they occur, 53% cited the complexity of their cloud environments, followed by lack of education and training (45%), too few IT and security staff members (43%) and unexplained human error (29%). The concern is both timely and well-supported, with a recent report from Gartner Research (1) estimating that, “By 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.”
Additional Causes of Data Breaches in the Public Cloud
In addition to outside hackers and insider threats, the most common, and often overlooked, causes of data breaches include:
- Overprivileged Identities: Identities with significantly more privileges and access than are required to carry out the duties assigned to them introduce a significant risk to the cloud.
- Human Error: Human mistakes will happen, and they are not always deliberate, but these errors can still wreak havoc in an organization. One example we commonly see is an employee who takes shortcuts, leaving sensitive data in locations where it is not adequately protected.
- Unauthorized Access: Due to the complex nature of cloud environments, having visibility into which identities have access to data and resources is increasingly difficult. Organizations need to secure all crown jewel data and enforce policies to prevent unauthorized access to the cloud environment.
Survey Respondent Demographics
The 101 respondents had a minimum of $50M in annual revenue and 1,000 employees. Ninety percent were headquartered in the U.S., with 67 percent also having non-U.S. offices. Business segments represented included fintech (16%), healthcare (14%), manufacturing (14%), education (8%), government (8%), technology (8%), and insurance (6%). No non-profits were included. Seventy-four percent of respondents operate hybrid cloud environments, with 44% using multiple public clouds. Seventy-seven percent have spent $50M or less on cloud services in the last three years, with 13% having spent $50.1-100M and 11% having spent more than $100M.
Solutions in Use
Cloud security solutions applied varied widely amongst respondents, with 90% using provider-supplied cloud security, 41% using identity access management (IAM), 22% using cloud security posture management (CSPM) and 18% deploying identity governance solutions. Fourteen percent report using dedicated container security solutions, and 11% use data classification tools.
“This research confirms that public cloud security begins and ends with identity and data controls,” said Brendan Hannigan, CEO and co-founder, Sonrai Security. “To this end Sonrai Dig has now been successfully deployed at many enterprises and this latest study confirms the large opportunity to help many more such firms.”
(1) Gartner Research — Managing Privileged Access in Cloud Infrastructure. Published 9 June 2020 – ID G00720361 – by Analyst Paul Mezzera