The new Cloud Security Report reveals that security concerns, lack of qualified security staff and outdated security tools remain the top issues keeping cyber security professionals up at night, while data breaches are at an all-time high.
Based on a comprehensive online survey of over 1,900 cyber security professionals in the 350,000-member Information Security Community on LinkedIn, the report has been produced in conjunction with leading cloud security vendors AlienVault, Bitglass, CloudPassage, Cloudvisory, Dome9 Security, Eastwind Networks, Evident.io, (ISC)2, Quest, Skyhigh, and Tenable.
Key takeaways from the report include:
- Cloud security concerns – While adoption of cloud computing continues to surge, security concerns are showing no signs of abating. Reversing a multi-year downward trend, nine out of ten cybersecurity professionals confirm they are concerned about cloud security, up 11 percentage points from last year’s cloud security survey. The top three cloud security challenges include protecting against data loss and leakage (67%), threats to data privacy (61%), and breaches of confidentiality (53%).
- Biggest threats to cloud security – Misconfiguration of cloud platforms jumped to the number one spot in this year’s survey as the single biggest threat to cloud security (62%). This is followed by unauthorized access through misuse of employee credentials and improper access controls (55%), and insecure interfaces / APIs (50%).
- Cloud Security Headaches – As more workloads move to the cloud, cybersecurity professionals are increasingly realizing the complications to protect these workloads. The top three security control challenges security operations centers (SOCs) are struggling with are visibility into infrastructure security (43%), compliance (38%),and setting consistent security policies across cloud and on-premises environments (35%).
- Legacy security tools limited in the cloud – Only 16 percent of organizations report that the capabilities of traditional security tools are sufficient to manage security across the cloud, a 6-percentage point drop from our previous survey. Eighty-four percent say traditional security solutions either don’t work at all in cloud environments or have only limited functionality. Cybersecurity professionals are struggling with visibility into cloud infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
- Paths to stronger cloud security – For the second year in a row, training and certification of current IT staff (56%) ranks as the most popular path to meet evolving security needs. Fifty percent of respondents use their cloud provider’s security tools, and 35 percent deploy third-party security software to ensure the proper cloud security controls are implemented.
- Effective cloud security solutions – Encryption of data at rest (64%) and data in motion (54%) tops the list of the most effective cloud security technologies, followed by Security Information and Event Management (SIEM) platforms (52%).
- Cloud security budgets increase – Looking ahead, close to half of organizations (49%) expect cloud security budgets to go up, with a median budget increase in 22 percent.