Cloud misconfigurations are no laughing matter. In its “2020 Cloud Misconfigurations Report,” DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported. Organizations could therefore be leaking data from their cloud environments without their knowledge.

This reality raises several questions. Are IT professionals concerned about the security of their employers’ cloud environments against misconfiguration incidents? And what security controls do they have in place to mitigate these risks?

DevOps Connect:DevSecOps @ RSAC 2022

To answer these questions, Tripwire partnered with Dimensional Research to survey 310 professionals who held IT security responsibilities for the public cloud environments at organizations with more than 100 employees. These individuals came from more than a dozen different sectors, and they held various positions of leadership across the Americas, EMEA and APAC. Their responses help to illuminate the digital resilience of organizations’ cloud environments and how IT professionals view their employers’ cloud security posture.

Cloud Security Concerns Underscored by Lack of Technical Controls

Respondents to Tripwire’s survey revealed that they’re specifically worried about their employers’ cloud security. Indeed, 37% of participants indicated that risk management capabilities in the cloud were at least somewhat worse in the cloud than in other parts of the organization’s infrastructure. It therefore follows that many IT professionals were concerned about the impact that some digital threats could have on their employers’ cloud-based assets. Case in point, a majority (93%) of individuals expressed their worry that human error could cause their employers to accidentally expose their data hosted in the cloud.

Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud

Those findings coincided with a lack of proper cloud security controls at many organizations. For instance, just (Read more...)