Managing firewall risks in the cloud
67 percent of IT security respondents in a Ponemon Institute study, report that their organization is very vulnerable or vulnerable because cloud ports and firewalls are not adequately secured.
Furthermore, 54 percent of respondents said their organizations’ IT personnel are not knowledgeable or have no knowledge about the potential risk of open firewall ports in their cloud environments.
The research was conducted to determine the challenges organizations face when managing access and securing firewalls and ports in cloud environments. The study analyzed responses from 682 IT and IT security practitioners in the United States working in organizations that use hosted or cloud servers (dedicated or virtual private servers).
On average, respondents have more than 10 years of IT or IT security experience, and 40 percent come from organizations with 5,000 employees or more in globally dispersed locations.
“We believe this is the first study to look at the risk to cloud security because of unsecured ports and firewalls, and the results are very revealing,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “It is commonly accepted that organizations believe they struggle with security in the cloud, but this study gets to a root of the problem. For example, more than half of the respondents said it is very likely or likely that administrative cloud server ports left open for access expose the organization to increased hacker attacks and security exploits. Nineteen percent say these exploits have already happened.”
Additional key findings of the study include:
- 52 percent of respondents rate their organizations’ overall management of cloud server security as fair (27 percent) and poor (25 percent); 21 percent responded “no comment”.
- 42 percent of respondents fear they would not know if their organizations’ applications or data was compromised by a security exploit or data breach involving an open port on a cloud server.
- 79 percent of respondents believe that being able to efficiently manage security in the cloud is just as important as cloud security itself.
- 73 percent of respondents believe the cloud server firewall is the first place to stop attacks and prevent exploits.
- 72 percent of respondents said automation is important to cloud firewall policy management.
- 36 percent of respondents report that their organizations cannot manage access or generate reports efficiently; and 29 percent say they manage access through the cloud provider’s tools but cannot see the access reports.
- 78 percent of respondents say the most important feature to cloud server security is the ability to close ports automatically, so they don’t have to manually reconfigure their firewall.
The complete study is available here (registration required).