EXECUTIVE SUMMARY:
Organizations are eager to leverage cloud computing resources, and to leave on-prem behind. In 2020, the global public cloud computing market is forcast to reach $330 billion. Interest in providing employees with ‘access from anywhere’ has increased exponentially. By 2021, experts expect that cloud data centers will process more than 90% of workloads. However, the rush towards cloud adoption means that security may not receive enough attention.
A recent survey of 300 CISOs shows that, in the past 18 months, nearly 80% of organizations have weathered cloud security breaches. Forty-three percent of survey respondents reported contending with a total of 10 breaches or more.
Did your organization recently migrate infrastructure or apps to the cloud? Businesses are rapidly adopting:
- Software as a Service (SaaS): The SaaS model means that the vendor provides the majority of cloud-based management for your platform or applications. The buyer can then easily go about everyday tasks without contending with the nitty gritty.
- Platform as a Service (PaaS): The PaaS model is perfect for IT teams that wish to have a bit more control over platform management and application testing. In an apt analogy, PaaS represents the ‘take and bake’ model for preparing a pizza dinner.
- Infrastructure as a Service (IaaS): This model allows developers to freely build and develop cloud storage services, networks and more. In continuing with the analogy of above, it represents the ‘make your own pizza’ model for preparing a pizza dinner.
Nearly 90% of organizations rely on SaaS. Nonetheless, market share for PaaS and IaaS is growing. After adopting any of these new computing models, be sure to redirect web security resources to the cloud. Avoid unnecessary cloud security risks.
Here’s what CISOs are most worried about right now:
- 67% reported concerns about security misconfigurations of production environments. As many as eight in ten US-based enterprises have experienced cloud breaches due to misconfigurations.
- 64% listed lack of visibility into access in production environments as a top issue. Manually collecting this type of data is not the best use of anyone’s time. As a result, organizations should consider security solutions that can provide robust visibility.
- 61% stated that they feared improper IAM and permission configurations. “Excessive permissions may go unnoticed as they are often granted by default when a new resource or service is added to the cloud environment,” says a recent security report. “These are a primary target for attackers”.
These survey findings align with past investigations into the cloud threats at the top of CISOs’ agendas.
How CISOs are prioritizing projects & preventing cloud data breaches:
- 78% are focused on compliance monitoring. Governance in this area often fails to receive the attention that it needs. Compliance monitoring is easy to overlook in the context of other clear-and-present priorities. Nonetheless, managing sensitive information through the implementation of straightforward methodologies moves an organization forward.
- 75% are prioritizing authorization and permission management. Zero-trust is not only in vogue, it’s genuinely useful. Not all threats come from the outside. Insider threats can be just as devastating for an organization as a advanced persistent threat from a nation-state backed espionage ring. Restricting internal access to information improves an organization’s cyber security posture.
- 73% are looking at improving their security configuration management. By improving in this area, organizations can potentially do a better job of remaining in compliance with mandated policies. Security configuration management solutions can help.
These cloud security statistics can scare you or they can motivate and inspire you. Choose the latter and pursue a security-first approach. Learn about how to build easy-to-use cloud security into your existing cloud environments. Get details here.
For more CISO insights on cloud computing, visit Infosecurity Magazine