New study reveals 42 percent of organisations are concerned about cloud security but many fail to carry out any security testing on the environment
With the recent exposure of a huge data breach affecting US bank Capital One, cloud security has once again been put under the spotlight. However, a recent survey from Outpost24 has revealed that many companies today would be unable to detect abnormalities in their cloud environment, while 37 percent have already experienced a cyberattack on their cloud systems. As more organisations embrace digital transformation and migrate to the cloud – the results of the survey highlight the lack of security hygiene when it comes to cloud environments.
The study, which was carried out at Infosecurity Europe in June 2019, studied the attitudes of 300 security professionals and also revealed that over a quarter (27 percent) of organisations do not know how quickly they could tell if their cloud data had been compromised, while 11 percent said a compromise on their on-premise data would be much quicker to detect, indicating some organisations are still relying solely on cloud service providers to protect their cloud data.
Other survey findings revealed that 42 percent of security professionals believe their on-premise data is more secure than their cloud hosted data, while 19 percent of organisations only carry out security testing on their cloud environment annually, and a staggering 11 percent never run any security testing at all.
“The cloud offers organisations huge benefits in terms of cost savings and scalability, however security in the environment should never be overlooked,” said Bob Egner, VP at Outpost24. “Organisations should treat their cloud assets just as they would their on-premise assets and apply all the same security principles of vulnerability and application security assessment, plus checks for cloud misconfigurations and security posture. It is extremely important to understand the shared responsibility model and what cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure can and cannot offer in terms of security, as ultimately the responsibility of protecting your data and cloud workloads lies with you, the organisations using the cloud services.”
The study also asked respondents about how many of their products and applications are running in the cloud and 34 percent said more than half, while 15 percent said all their assets were running in the cloud.
“Our survey clearly shows that many organisations today are heavily reliant on the cloud, and often multi-cloud, which makes it difficult to apply and homogenise the correct security controls across multiple cloud service providers. Security testing should be continuous across the entire technology stack, including the cloud. Running automated and continuous testing is the best way to identify if cloud data is being accessed by anyone maliciously and to help spot any misconfigurations in real-time which could put the data at risk,” continued Egner.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.