Headlines continue to suggest that organizations’ cloud environments make for tantalizing targets for digital attackers. Illustrating this point, the 2019 SANS State of Cloud Security survey found “a significant increase in unauthorized access by outsiders into cloud environments or to cloud assets” between 2017 (12 percent) and 2018 (19 percent).

These findings beg the question: how prepared are organizations to defend themselves against cloud-based threats?

To find out, Tripwire took a survey of 150 attendees at Black Hat USA 2019. This research effort provided crucial insight into how industry pros view cloud security today. It also drew attention to certain steps which organizations can take to better defend themselves in the cloud.

Cloud Misconfigurations Abound

Misconfiguration has remained the center of attention in reported data leaks and cyber incidents related to cloud. In Tripwire’s survey, 84 percent said that it was difficult for their organizations to maintain security configurations across cloud services. Of those, 17 percent said it was “very difficult.”

That could explain why 75 percent of survey respondents said it was easy to accidentally expose data publicly through the cloud.

Effective cloud security seems to elude organizations for a number of other factors. For example, many security professionals still lack a clear understanding of what security the cloud service provider provides versus what security measures the consumer is responsible for. Only about a quarter (27 percent) of survey participants said the Shared Responsibility Model for security between cloud service providers and their customers were “very clear.” Even more than that said the model was “not clear” (28 percent), while most (45 percent) said the model was only “somewhat clear.”

A Growing Level of Complexity

Also contributing to the difficulty of cloud security, teams are faced with a much more complex environment to defend in general, (Read more...)