While spending on cloud services is high, with more than half of respondents having spent more than $10 million and 11% having spent more than $100 million in the last three years, security preparedness is low, with 32% saying they are doing less than they need to, or nothing at all, to ensure security of their cloud resources, an Osterman Research survey reveals.
Complicate cloud security
It also revealed what enterprises see as the key contributors to cloud breaches – many related to identity and misconfiguration.
“Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32% of those surveyed are not actively working to solve these challenges,” said Mike Osterman, President and Principal Analyst, Osterman Research.
“This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained and budget-constrained, which results in the inability to address all of their vulnerabilities and risks. Even for those that do have budget available, poor risk decisions can further complicate cloud security.”
Identity a key threat vector
“Typically when we hear company executives estimate the number of identities on their cloud, they are talking about people that they have given access to data,” said Sonrai Security’s CISO Eric Kedrosky.
“When considering the cloud, companies really need to focus on non-people identities – roles, service principles, serverless functions and other ‘things’ – that are given roles with access to sensitive data. These things, for which access often gets elevated unnecessarily or persists long after it should, outnumber people identities by hundreds or even thousands to one, and are the most critical threat vector in the cloud today.”
The survey illustrated that security leaders do have an appreciation for this dynamic, despite many being unable to address it. When ranking the severity of several types of threats, “overpriviledged identities” were ranked a “high risk” by 41% of respondents, just below “bad actors/cybercriminals” at 46%, “lack of visibility/hidden risk” at 44% and “data loss” at 43%.
Cloud misconfiguration a growing problem
Cloud misconfiguration also stood out as a leading cause of breaches, with 37% of respondents saying that they had increased significantly in the last 12 months.
Regarding the reasons they occur, 53% cited the complexity of their cloud environments, followed by lack of education and training (45%), too few IT and security staff members (43%) and unexplained human error (29%).
Additional causes of data breaches in the public cloud
In addition to outside hackers and insider threats, the most common, and often overlooked, causes of data breaches include:
- Overprivileged identities: Identities with significantly more privileges and access than are required to carry out the duties assigned to them introduces a significant risk to the cloud.
- Human error: Human mistakes will happen and will not be deliberate at times, but these errors can still wreak havoc in an organization. One example we commonly see is an employee who takes shortcuts leaving sensitive data in locations where it is not adequately protected.
- Unauthorized access: Due to the complex nature of cloud environments, having visibility into which identities have access to data and resources is increasingly difficult. Organizations need to secure all crown jewel data and enforce policies to prevent unauthorized access to the cloud environment.