Cloud misconfigurations represent something that’s plaguing many organizations’ cloud adoption efforts. For example, a 2020 report found that 91% of cloud deployments contained at least one misconfiguration that left organizations exposed to potential digital threats. Those weaknesses contributed to more than 200 data breaches between 2018 and 2020, noted SC Magazine, with those security incidents exposing more than 30 billion records.

Another 2020 report found that misconfigurations were the underlying cause of 196 data breaches during the 2019 calendar year alone. According to that study, those security incidents exposed more than 33 billion records over a two-year period. TechRepublic put the total cost of those security incidents at $5 trillion using 2019 data from the Ponemon Institute.

These findings raise an important question: Are public cloud misconfigurations a concern for organizations in 2021? If so, what are organizations doing to address that worry?

The State of Organizations’ Cloud Insecurity

The Cloud Security Alliance (CSA) explored these questions, among others, in its “State of Cloud Security Concerns, Challenges, and Incidents” report. For this publication, CSA surveyed 1,900 IT and security professionals from December 2020 to January 2021. Their responses helped to illuminate how organizations are handling security issues like misconfigurations.

First, the report revealed that misconfigurations were a concern for many organizations. “Network security” was the most-selected response at 58% when respondents were asked to name their employers’ concerns with adopting the public cloud. Digging a little deeper into finding, the report found that organizations were most worried about sensitive data leakage but also had their cloud deployments’ “configuration and security settings” on their minds.

These security concerns weren’t unfounded. Indeed, 11% of survey participants told CSA that their organization had weathered a cloud-related operational incident in the preceding 12 months. Just 20% said that their employer had (Read more...)