Survey Surfaces Multiple Cloud Security Contradictions
A survey of 500 security, IT and engineering professionals published today found that nearly half (49%) experienced a data breach resulting from unauthorized access to a cloud computing environment. A full 80% said they felt that their existing tooling and configuration would sufficiently cover their organization from a well-orchestrated attack on their cloud environment.
Despite that level of optimism, however, the survey also found 95% were concerned their current tools and teams would be unable to detect and respond to a security event in their cloud environment, with 55% being either extremely or very concerned.
Conducted by Permiso, a cloud detection and response platform provider, the survey also found 70% of respondents claimed they would be able to respond to a cyberattack within 12 to 24 hours.
Permiso co-CEO, Paul Nguyen, however, noted that incident response data collected by Permiso found that responses usually required 16 days.
A full 70% of respondents said they were using some type of cloud-native cybersecurity platform, with 48% having adopted a CSPM, the survey finds.
The survey also finds cloud computing environments becoming more challenging to secure. More than 80% of respondents managed at least 1,000 identities across their cloud environment. A total of 44% managed at least 5,000 identities across both on-premises and cloud environments. More than 60% of respondents managed at least 1,000 API secrets across their cloud environments, with 31% managing at least 2,000 API secrets. Only 25% of the respondents employed federation capabilities to manage access to their cloud environment.
Permiso co-CEO Jason Martin said identity access management (IAM) tools are crucial because stealing credentials is still the primary attack vector cybercriminals employ to compromise cloud computing environments.
The issue is that many organizations have not implemented best IAM practices, he added. For example, 46% of respondents allow cloud console access via local IAM users. Well over a third (38%) of respondents also said they enable long-lived keys to grant access to their environment.
In general, far too many organizations have a false sense of cloud security because they don’t fully appreciate how much responsibility falls to them rather than the cloud service provider, said Martin. Each cloud service provider assumes responsibility for securing their infrastructure but everything else is the responsibility of the organizations that employ those cloud services. The shared responsibility mantra that cloud service providers have adopted is a disservice to organizations because it deliberately downplays the level of cybersecurity expertise needed to secure cloud workloads, noted Martin.
In actuality, cloud services are a completely different computing substrate that require organizations to develop a different set of first cybersecurity principles, he added. Organizations can’t successfully apply the cybersecurity tools, platforms and processes developed for on-premises IT environment to the cloud, noted Martin.
In general, most organizations would be well-advised to simply focus on cloud security fundamentals, added Martin. Most cybercriminals today are looking for the simplest way possible to access a cloud environment, which usually means stealing credentials.
The survey makes it clear that most respondents remain confident in their ability to secure cloud computing environments. However, based on the number of cloud security incidents many of them would do well to remember that hubris always goes before the fall.
