According to the SANS 2019 Cloud Security Survey, nearly one in five companies had experienced a breach, an increase of 7% over the previous year. The survey seeks to answer the question of whether security infrastructures are maturing to support businesses and improve risk management in the cloud model. The results show that many companies, although benefiting from the advantages of cloud computing, have vulnerabilities and security gaps that put their company and cloud data at risk. So what can an organization do to lock down its cloud services and data as the remote workforce continues to expand?
Cloud computing has become the ubiquitous computing infrastructure for companies of all sizes and across industries. But with this setup comes security concerns that are often realities. Many businesses are working to determine how to adapt their incident response and security posture to the cloud to avoid the ever-more-common public cloud breach.
Top concerns include:
Many of these concerns are grounded and must be addressed. Consider, for example, the dangers of misconfiguration. In its 2019 Internet Threat Report, Symantec highlights the many tools available to attackers to identify misconfigured cloud resources and take advantage. And Gartner estimates that by 2022, 95% of cloud security failures will be the fault of the customer, not the service provider. This highlights another vulnerability: Many people unknowingly believe security is the responsibility of the service provider, leaving their cloud assets at risk.
To address these fears and the very real vulnerabilities underlying these concerns, companies need to take steps to identify and address cloud security gaps. However, this undertaking can be challenging for companies that lack cloud security skills. And even for those with cloud security resources, the increasing complexity of cloud and enterprise IT setups can make security vulnerability detection extremely challenging. Either through additional staff investment or third-party expertise, businesses need to assess all aspects of their cybersecurity framework, focusing on cloud vulnerabilities. Only with clear visibility into your security setup and identification of gaps can you work to improve your cloud security stance and protect your data.