Published : 04.13.2021

Osterman Research: 1/3 of US Companies Under Resourcing Cloud Security

By Sonrai Security Marketing

New survey “The State of Enterprise Cloud Security: The Good, The Bad, And The Ugly” exposes massive holes in public cloud security strategies due to complexity and budgetary constraints

NEW YORK — April 13, 2021 — Sonrai Security, the leader in identity and data security for public cloud, today announced the availability of “The State of Enterprise Cloud Security: The Good, The Bad, And The Ugly,” a report on cloud security trends based on a recent survey of enterprises conducted by Osterman Research. The survey clearly illustrates that while spending on cloud services is high, with more than half of respondents having spent more than $10 million and 11% having spent more than $100 million in the last three years, security preparedness is low, with almost one-third (32%) saying they are doing less than they need to, or nothing at all, to ensure security of their cloud resources. It also revealed what enterprises see as the key contributors to cloud breaches — many related to identity and misconfiguration.

Osterman Research on Cloud Security Trends

“Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32% of those surveyed are not actively working to solve these challenges,” said Mike Osterman, Founder, President and Principal Analyst, Osterman Research. “This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained and budget-constrained, which results in the inability to address all of their vulnerabilities and risks. Even for those that do have budget available, poor risk decisions can further complicate cloud security.”

Identity a Key Threat Vector
Respondents reported having an average of 7,750 identities with access to sensitive cloud data, an estimate that production deployments of Sonrai Dig would suggest is exceedingly low.

“Typically when we hear company executives estimate the number of identities on their cloud, they are talking about people that they have given access to data,” said Sonrai Security’s CISO Eric Kedrosky. “When considering the cloud, companies really need to focus on non-people identities — roles, service principals, serverless functions and other ‘things’ — that are given roles with access to sensitive data. These things, for which access often gets elevated unnecessarily or persists long after it should, outnumber people identities by hundreds or even thousands to one, and are the most critical threat vector in the cloud today.”

The survey illustrated that security leaders do have an appreciation for this dynamic, despite many being unable to address it. When ranking the severity of several types of threats, “overprivileged identities” were ranked a “high risk” by 41% of respondents, just below “bad actors/cybercriminals” at 46%, “lack of visibility/hidden risk” at 44%, and “data loss” at 43%.

Cloud Misconfiguration a Growing Problem
Cloud misconfiguration also stood out as a leading cause of breaches, with 37% of respondents saying that they had increased significantly in the last 12 months. Regarding the reasons they occur, 53% cited the complexity of their cloud environments, followed by lack of education and training (45%), too few IT and security staff members (43%) and unexplained human error (29%). The concern is both timely and well-supported, with a recent report from Gartner Research (1) estimating that, “By 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.”

Additional Causes of Data Breaches in the Public Cloud
In addition to outside hackers and insider threats, the most common, and often overlooked, causes of data breaches include:

  • Overprivileged Identities: Identities with significantly more privileges and access than are required to carry out the duties assigned to them introduce a significant risk to the cloud.
  • Human Error: Human mistakes will happen, and at times will not be deliberate, but these errors can still wreak havoc in an organization. One example we commonly see is an employee who takes shortcuts, leaving sensitive data in locations where it is not adequately protected.
  • Unauthorized Access: Due to the complex nature of cloud environments, having visibility into which identities have access to data and resources is increasingly difficult. Organizations need to secure all crown jewel data and enforce policies to prevent unauthorized access to the cloud environment.

Survey Respondent Demographics
The 101 respondents had a minimum of $50M in annual revenue and 1,000 employees. Ninety percent were headquartered in the U.S., with 67 percent also having non-U.S. offices. Business segments represented included fintech (16%), healthcare (14%), manufacturing (14%), education (8%), government (8%), technology (8%), and insurance (6%). No non-profits were included. Seventy-four percent of respondents operate hybrid cloud environments, with 44% using multiple public clouds. Seventy-seven percent have spent $50M or less on cloud services in the last three years, with 13% having spent $50.1-100M and 11% having spent more than $100M.

Solutions in Use
Cloud security solutions applied varied widely amongst respondents, with 90% using provider-supplied cloud security, 41% using identity access management (IAM), 22% using cloud security posture management (CSPM) and 18% deploying identity governance solutions. Fourteen percent report using dedicated container security solutions, and 11% use data classification tools.

“This research confirms that public cloud security begins and ends with identity and data controls,” said Brendan Hannigan, CEO and co-founder, Sonrai Security. “To this end Sonrai Dig has now been successfully deployed at many enterprises and this latest study confirms the large opportunity to help many more such firms.”

(1) Gartner Research — Managing Privileged Access in Cloud Infrastructure, published 9 June 2020, ID G00720361, by analyst Paul Mezzera
