This post was originally published here by (ISC)² Management.
As investments in public cloud computing continue to grow, so do cloud-related security incidents. Over the past 12 months, 18 percent of organizations have experienced a cloud security incident, double the number reported in the previous 12-month period, according to a recent report.
Not surprisingly, concerns over cloud security also are rising, with more than nine out of 10 cybersecurity professionals – 91 percent, to be exact – saying they are worried about it. This, too, represents an increase from the previous polling period, when 81 percent of cybersecurity professionals expressed similar fears, and reverses a multiple-year downward trend.
The findings are part of the Crowd Research Partners’ 2018 Cloud Security Report, based on a comprehensive online survey of more than 570 cybersecurity and IT professionals, including CISOs, security analysts and IT managers.
Companies are investing in cloud infrastructure for reasons such as improved scalability, availability, business continuity and cost reduction. But as the report’s findings make clear, many of the fears regarding security that have hampered cloud adoption in the past still remain.
Plenty of Challenges
Organizations face no shortage of challenges as they rely more on cloud infrastructures for their technology needs. For one thing, they are finding that the capabilities of legacy security tools are limited in the cloud.
Only 16 percent of organizations believe traditional protection tools can properly handle security across the cloud, a 6-point drop from the previous survey. A substantial majority – 84 percent – says those solutions either do not work in cloud environments or provide only limited functionality.
The biggest security control challenges organizations are facing are visibility into infrastructure security (43 percent) and compliance (38 percent). They also are struggling with setting consistent security policies across cloud and on-premises environments (35 percent) and lament that security is not keeping up with the pace of change in applications (also 35 percent).
Respondents cited misconfiguration of cloud platforms as the biggest threat to cloud security (62 percent), followed by unauthorized access resulting from misuse of employee credentials and improper access controls (55 percent).
As for the top security challenges faced by organizations, respondents rated them in the following order:
- Protecting against data loss and leakage – 67%
- Threats to data privacy – 61%
- Breaches of confidentiality – 53%
Despite the growing concerns regarding cloud security, the report had some positive findings, particularly in security education. For the second consecutive year, training and certification of existing IT staff ranked as the most popular path to meet evolving security needs. This is a good sign because as technology changes and threats evolve, updating the skills of cybersecurity workers is critical.
Organizations also recognize that investments in security overall are a necessity, as evidenced by the finding that nearly half of them (49 percent) expect cloud security budgets to increase. The median increase is expected to be 22 percent.
While, encouraging, these silver-lining findings are far from enough. It’s clear that as cloud investments continue to grow, more effort must be devoted to properly securing those investments to minimize threats and to boost overall confidence in the safety of cloud environments.