Cloud Security Study: Most Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period
Published 07/02/2024
Originally published by Tenable.
Written by Diane Benjuya.
What issues affect cloud security teams today? How are they tackling these challenges? Which tools do they use to measure success?
These are just a few of the questions Tenable sought to answer in its recently published "2024 Cloud Security Outlook" report, our annual assessment of organizations’ perceptions and experiences in securing their public cloud environments. Based on a survey of 600 cloud security professionals in North America and Europe, the report aims to help you understand how your peers are tackling cloud-environment complexity so you can set a strategic, effective path for securing yours.
Check out key highlights from the report below.
Cloud breaches are widespread, and insecure identities are the primary cause
Each year, the study examines how many respondents have experienced cloud-related breaches. Despite growing cloud-security awareness and tooling options, an alarming 95% of the 600 organizations polled suffered cloud-related breaches in the previous 18 months. Among those, 92% reported exposure of sensitive data, with a majority acknowledging being harmed by the data exposure.
Given the apparent inevitability of cloud breaches, it makes sense that cloud security platforms don’t just focus on identifying vulnerable points of entry but also on minimizing the potential damage of a breach. We therefore wanted to know what cloud security professionals consider their greatest source of risk – workload vulnerabilities, ransomware attacks, third party access? Here, perception aligned with industry trends: Respondents cited insecure cloud identities and misconfigurations as their top security risks. Notably, 99% of organizations that experienced cloud-related breaches blamed insecure identities as the primary cause.
We investigated further to see if organizations are not only aware of but taking action to prevent their identity and access management (IAM) risk. Here respondents excelled, with many prioritizing efforts to minimize permissions through zero trust, access governance and just-in-time (JIT) initiatives.
More key findings
The report focused on three angles in securing cloud infrastructure and, in particular, governing access to resources:
- It’s Not Easy. We asked organizations to list the key barriers, challenges and risks they face as they implement their cloud security programs.
- Of Critical Importance. We wanted to learn which security areas and initiatives are their priorities – and if they align with the reported top risks.
- Measuring Tells No Lies. Along with evaluating cloud security progress and maturity, and justifying budget for renewals and new solutions, are performance indicators. We looked at the measurement tools in use – and used the most.
Other important findings included:
- Lack of remediation capabilities emerged as the top barrier to implementing new cloud security capabilities.
- Lack of cloud security expertise is a reality that’s putting organizations at risk.
- A high degree of uncertainty exists regarding the different individuals and groups with cloud security responsibility inside the organization.
Regional differences
The findings revealed several regional disparities. For example, North American respondents were more inclined to report experiencing no cloud-related breaches. Meanwhile, there were regional differences in breaches’ causes. Specifically, EU organizations were much more likely to attribute their cloud breaches to excessive permissions and difficulty in detecting toxic combinations.
There were also disparities regarding the influence of DevOps teams on implementing new cloud security capabilities. North American respondents were more given to citing the barrier of DevOps teams being fearful that security efforts would disrupt their workflow.
Get the complimentary report!
Hopefully this blog has piqued your curiosity to explore the latest cloud security insights and best practices further. We invite you to download the report, which offers:
- A clear picture of the prevalence of cloud related breaches and the negative effects of sensitive data exposure
- An understanding of the challenges that concern cloud security professionals globally and regionally, and of the issues common to all
- Insight into the areas your peers are prioritizing and how they’re addressing the obstacles, so you can make your cloud security efforts more effective
We also invite you to attend the webinar "Tenable Shares Its 2024 Cloud Security Outlook: Winning the Battle by Understanding True Barriers and Priorities" and read the white paper "Holistic Security for AWS, GCP and Azure."
About the Author
Diane Benjuya is a senior product marketing manager in cloud security with 20+ years in the field, more recently in the focus areas of cloud infrastructure and identity. When at leisure she enjoys a decent run and soul-lifting jam session. Diane holds a master’s degree in linguistics.
Related Articles:
The Evolution of DevSecOps with AI
Published: 11/22/2024
It’s Time to Split the CISO Role if We Are to Save It
Published: 11/22/2024
Establishing an Always-Ready State with Continuous Controls Monitoring
Published: 11/21/2024
AI-Powered Cybersecurity: Safeguarding the Media Industry
Published: 11/20/2024