The RSA Conference 2020 took place in San Francisco last week, and as expected, exciting new research and vulnerabilities were published, and vendors were showcasing their new services. The topics ranged from analytics and application security to cryptography, threats, and governance, but unsurprisingly, cloud security popped up in many sessions. After all, almost no one can avoid using cloud services anymore.
Firemon brought some statistics to back up cloud threat landscape discussions and published their 2020 State of Hybrid Cloud Security report. The survey shows that companies are concerned about cloud security and especially about their skills.
Code42 also released a survey revealing that cloud-based collaboration tools are often misused for sharing information too widely and against company policies. According to Code42, insider threat is an underestimated cause of data leaks.
Lack of cloud skills and confidence
Firemon surveyed over 500 IT and security professionals whose work is related to securing cloud environments. According to the study, nearly 60 % of them are concerned about their skills to ensure their enterprise services in the cloud are secure. Businesses have gone to the cloud, but the IT and security departments could not keep up with the pace.
The top concern was lack of visibility (17 %) with lack of integration to other tools (13 %), lack of training, and qualified personnel (around 11 % both) close behind.
These are the same problems that Nixu’s security consultants typically see. Lack of logging and monitoring degrades visibility, so does the fact the teams may be setting up their accounts and subscriptions without coordination and company-wide security policies.
Misconfiguration causes security problems
Firemon’s study highlights misconfiguration as an important source of cybersecurity problems. That’s a relevant concern and a rising trend when you look at the headlines of recent data breach news.
To back up the fact, DivvyCloud has even recently released the 2020 Cloud Misconfigurations Report that compiles data from 2018 and 2019 data breaches. The report pans the “move fast, fail fast” phrase as it seems to result also in getting breached fast. The report summarizes the reasons behind cloud security misconfiguration to four main problems: inexperienced users, outdated security models, lack of visibility, and an exceptional scale and scope of change.
The list is not surprising since the cloud platforms evolve at such a rapid pace that it can be challenging to keep up with all the new features and educate yourself.
The report pans the “move fast, fail fast” phrase as it seems to result also in getting breached fast
Security practices are lagging behind the work culture
Code42 studied digital collaboration and information sharing habits of almost 5000 workers. According to the report, the most typical way to share data with another organization is still email (38 %), but cloud collaboration platforms are not very far behind with their 31 % share. Workers also admit using unauthorized cloud services for data sharing. The reason for avoiding tools with company approval can be slowness, restrictiveness, or lack of features.
Data and file synchronization to personal accounts and the increasing demand for being to work anytime, anywhere, and a more rapid pace of changing jobs makes it difficult for all companies to keep up with the security practices.
Cloud-based tools make it easy to leak data both accidentally and intentionally. Too broad permissions may be accidental, and processes don’t always keep up when people leave the company. Code42’s report also reveals that many people have taken data with them, but only a few employers have attempted to verify that data does not leave the company. It may feel awkward to distrust your employees, but this survey shows again that insider threats should not be whisked away.
Learn how to improve your cloud security
Are you concerned about the state of your cloud monitoring and visibility, security policies, or identity and access management to help tackle insider threats? The findings in these reports are not exactly new but a trend that keeps growing, and it’s good to have facts and figures to back up the message that cloud security is something to which you should pay attention. Luckily, there’s a lot you can do to improve your cloud security and minimize risks. Download our whitepaper, Your to do list for a secure cloud, and learn how to secure your cloud environments.
Would you like to stay up to date with the new cybersecurity trends? Subscribe to the Nixu newsletter.