MARKETING SPECIALIST

Industry analysts have recently disclosed that many of the data breaches that make the headlines are the result of the exploitation of cloud misconfiguration mistakes, sometimes with devastating consequences.

Key Findings

The State of Cloud Security 2021 report reveals that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. What’s more, 64% say the problem will get worse, or remain unchanged over the next year.

cloud misconfiguration

Image Source: State of Cloud Security 2021

The survey, which was conducted on 300 cloud professionals (including cloud engineers, security engineers, DevOps, and architects) also found that the primary causes of cloud misconfiguration cited are too many APIs and interfaces to govern (32%), a lack of controls and oversight (31%), a lack of policy awareness (27%), and negligence (23%). 21% said they are not checking Infrastructure as Code (IaC) prior to deployment, and 20% aren’t adequately monitoring their cloud environment for misconfiguration.

The adoption of infrastructure as code (IaC) presents cloud teams with the opportunity to shift left on cloud security and compliance and build security into cloud development, but there is a level of effort required. Implementing IaC security checks, mapping IaC rules to compliance controls, remediating IaC violations, and reconciling cloud runtime violations with the corresponding IaC templates requires engineering investment. IaC security burdens are amplified when automated IaC checks using policy as code aren’t used consistently across the organization.

Source

Challenges

According to Fugue, the leader in cloud security and compliance automation, and Sonatype, the leader in developer-friendly tools for software supply chain automation and security, traditional security challenges play a significant role in cloud security, such as alert fatigue (cited by 21%), false positives (27%), and human error (38%).

The demand for cloud security expertise continues to outpace supply – 36% cite challenges in hiring and retaining the cloud security experts and 35% cite challenges sufficiently training their cloud teams on security.

cloud misconfiguration - security issues

Image Source: State of Cloud Security 2021

With the nature of cloud threats constantly evolving and attacks becoming more sophisticated, there is no secret that threat actors are now employing automation to scan the Internet for misconfigured cloud resources in minutes. This places pressure on engineering and security teams to find and remediate them quickly. As a result, a vast majority of respondents (83%) are concerned their organization is at risk of a cloud-based data breach.

What Professionals Say They Need

The survey revealed that the lack of policies that work across the cloud development lifecycle (CDLC) from IaC through the runtime was cited as a significant issue, with 96% of organizations saying such a unified policy framework would be valuable. 47% said they need better visibility into their environments, and 43% agreed that automated compliance audits and approvals would help.

Cloud IAM and Cloud PAM Challenges Explained

SaaS Security: How to Protect Your Enterprise in the Cloud

Cloud Computing Threats: Beyond Vulnerabilities

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP