A survey from Tripwire, a provider of security and compliance solutions, revealed that several organizations face shortcomings in securing their cloud environments. In its “Implementing Cloud Security Best Practices” report, Tripwire revealed that the majority of security professionals (76%) have difficulties in maintaining security configurations in the cloud. Nearly 37% of respondents said their risk management capabilities in the cloud are worse compared with other parts of the security landscape.
Almost 93% are concerned about human error causing accidental exposure of their cloud data. Despite concerns about human errors, 22% of organizations still assess their cloud security posture manually. The report stated, “Attackers are known to run automated searches to find sensitive data exposed in the cloud, making it critical for organizations to monitor their cloud security posture on a recurring basis and fix issues immediately.”
Other Notable Findings from the Survey include:
- Only 21% of organizations assess their overall cloud security posture in real time or near real time. While 21% said they conduct weekly evaluations, 58% do so only monthly or less frequently.
- While 91% of organizations have implemented some level of automated enforcement in the cloud, 92% still want to increase their level of automated enforcement.
- Only 51% of organizations have automated solutions that ensure proper encryption settings are enabled for databases or storage buckets.
- 45% of organizations automatically assess new cloud assets as they are added to the environment.
- A slim majority (51%) have automated alerts with context for suspicious behavior.
Tim Erlin, Vice President of product management and strategy at Tripwire, said, “Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place. There are well-established frameworks which provide prioritized recommendations for securing the cloud. However, the ongoing work of maintaining proper security controls often goes undone or puts too much strain on resources, leading to human error.”
The survey findings are based on the responses from 310 security professionals surveyed on the implementation of cloud security best practices.
Cloud Security Risks on Rise
A similar survey, “State of Cloud Security,” conducted by Fugue revealed that IT and cloud security professionals are concerned about the security of their cloud environments as several organizations working remotely. The survey found that 96% of cloud engineering teams are at present 100% working from home, while 83% of them completed the transition or are still in the process. Around 84% (who are making the shift) are concerned about security vulnerabilities created during the swift adoption of new access policies, networks, and devices used for managing cloud infrastructure remotely.
