Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join the new DPE Working Group & participate in the kickoff call on July 10th at 12 PM PT!

Cloud Security Study: Most Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period

Home
Industry Insights
Cloud Security Study: Most Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period

Blog Article Published: 07/02/2024

Originally published by Tenable.

Written by Diane Benjuya.

What issues affect cloud security teams today? How are they tackling these challenges? Which tools do they use to measure success?

These are just a few of the questions Tenable sought to answer in its recently published "2024 Cloud Security Outlook" report, our annual assessment of organizations’ perceptions and experiences in securing their public cloud environments. Based on a survey of 600 cloud security professionals in North America and Europe, the report aims to help you understand how your peers are tackling cloud-environment complexity so you can set a strategic, effective path for securing yours.

Check out key highlights from the report below.


Cloud breaches are widespread, and insecure identities are the primary cause

Each year, the study examines how many respondents have experienced cloud-related breaches. Despite growing cloud-security awareness and tooling options, an alarming 95% of the 600 organizations polled suffered cloud-related breaches in the previous 18 months. Among those, 92% reported exposure of sensitive data, with a majority acknowledging being harmed by the data exposure.

Given the apparent inevitability of cloud breaches, it makes sense that cloud security platforms don’t just focus on identifying vulnerable points of entry but also on minimizing the potential damage of a breach. We therefore wanted to know what cloud security professionals consider their greatest source of risk – workload vulnerabilities, ransomware attacks, third party access? Here, perception aligned with industry trends: Respondents cited insecure cloud identities and misconfigurations as their top security risks. Notably, 99% of organizations that experienced cloud-related breaches blamed insecure identities as the primary cause.

We investigated further to see if organizations are not only aware of but taking action to prevent their identity and access management (IAM) risk. Here respondents excelled, with many prioritizing efforts to minimize permissions through zero trust, access governance and just-in-time (JIT) initiatives.


More key findings

The report focused on three angles in securing cloud infrastructure and, in particular, governing access to resources:

  • It’s Not Easy. We asked organizations to list the key barriers, challenges and risks they face as they implement their cloud security programs.
  • Of Critical Importance. We wanted to learn which security areas and initiatives are their priorities – and if they align with the reported top risks.
  • Measuring Tells No Lies. Along with evaluating cloud security progress and maturity, and justifying budget for renewals and new solutions, are performance indicators. We looked at the measurement tools in use – and used the most.

Other important findings included:

  • Lack of remediation capabilities emerged as the top barrier to implementing new cloud security capabilities.
  • Lack of cloud security expertise is a reality that’s putting organizations at risk.
  • A high degree of uncertainty exists regarding the different individuals and groups with cloud security responsibility inside the organization.


Regional differences

The findings revealed several regional disparities. For example, North American respondents were more inclined to report experiencing no cloud-related breaches. Meanwhile, there were regional differences in breaches’ causes. Specifically, EU organizations were much more likely to attribute their cloud breaches to excessive permissions and difficulty in detecting toxic combinations.

There were also disparities regarding the influence of DevOps teams on implementing new cloud security capabilities. North American respondents were more given to citing the barrier of DevOps teams being fearful that security efforts would disrupt their workflow.


Get the complimentary report!

Hopefully this blog has piqued your curiosity to explore the latest cloud security insights and best practices further. We invite you to download the report, which offers:

  • A clear picture of the prevalence of cloud related breaches and the negative effects of sensitive data exposure
  • An understanding of the challenges that concern cloud security professionals globally and regionally, and of the issues common to all
  • Insight into the areas your peers are prioritizing and how they’re addressing the obstacles, so you can make your cloud security efforts more effective

We also invite you to attend the webinar "Tenable Shares Its 2024 Cloud Security Outlook: Winning the Battle by Understanding True Barriers and Priorities" and read the white paper "Holistic Security for AWS, GCP and Azure."


About the Author

Diane Benjuya is a senior product marketing manager in cloud security with 20+ years in the field, more recently in the focus areas of cloud infrastructure and identity. When at leisure she enjoys a decent run and soul-lifting jam session. Diane holds a master’s degree in linguistics.

Identity and Access ManagementRisk ManagementSurveysThreat IntelligenceZero Trust

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Missed the Virtual Cloud Trust Summit?
Pre-Sale: Save on the CCSK v5 Exam!
Register for SECtember.ai
Trending This Week
#1 Discover CCSK v5: The New Standard in Cloud Security Expertise
#2 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#3 Cloud Gaming and Data Security: Balancing Fun and Privacy
#4 Top Takeaways from the Gartner Innovation Insight: Data Security Posture Management
#5 CSA STAR Certifications: What are they?
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Navigating the New SEC Cybersecurity Regulations in M&A Transactions

Published: 07/03/2024

Supremacy of AI in Compliance Services: The Dawn of a New Era

Published: 07/02/2024

The Rise of QR Code Phishing Attacks: Exploring Quishing Threats

Published: 07/01/2024

Cloud Security in 2024: Addressing the Shifting Landscape

Published: 06/27/2024