AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud

By CloudPassage

New cloud technologies, including infrastructure as code, containers, and machine learning help organizations increase efficiency and scalability, but also introduce the potential for new security vulnerabilities. As more companies rapidly migrate toward flexible cloud solutions that support a work-from-anywhere workforce, cloud security concerns have increased in parallel.

The Cybersecurity Insiders AWS Cloud Security Report 2020 is a comprehensive survey of 427 cybersecurity professionals, conducted in May of 2020. Sponsored by CloudPassage for the second consecutive year, the report offers up-to-date insight into the latest trends, challenges, and solutions for cloud protection on AWS.

This year, we broadened our questions to include some additional topics. As a result, this will be the first of three blogs we publish that deep-dive into the results that matter for core audiences. This blog provides a managerial overview of the most common security and compliance concerns. The additional focus pieces include:

• AWS Security Best Practices: AWS Cloud Security Report 2020 for InfoSec
• DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps

Managing the Shift to Cloud from the Management Perspective

The technical executives, managers, and IT security practitioners surveyed represent a balanced cross-section of organizations of varying sizes, across multiple industries, to provide a clear picture of the cloud security challenges they’re facing and the tools and best practices they’re prioritizing to secure their move to the cloud. Below, you’ll find a summary of these top 4 customer concerns, followed by a link to the full report:

1. Cloud security concerns are even higher than last year: 95% of cybersecurity professionals confirm they are extremely, to moderately, concerned about public cloud security—up from 91% in last year’s survey.
2. Security decision making is primarily centralized: Even with more control given to DevOps, 50% of organizations maintain a centralized information security team.
3. Cloud security budgets are increasing to meet demand: 65% of survey respondents say they have increased their cloud security budgets an average of 36% over the next 12 months.
4. Cloud compliance presents new challenges: 44% of organizations report challenges around audits and risk assessments of their cloud environment, while compliance monitoring (42%) and vulnerability monitoring (40%) also represent significant concerns.

#1 – Cloud Security Concerns Even Higher Than Last Year

Cloud security concerns remain high as the adoption of public cloud computing continues to surge, especially in the wake of the 2020 COVID crisis and the resulting massive shift to remote work environments. More than nine out of 10 cybersecurity professionals (95%) confirm they are extremely-to-moderately concerned about public cloud security—up from 91% in last year’s survey.

Figure: Moderate to severe concern related to cloud security is up 4% over last year’s survey

Customer organizations are ultimately responsible for securing their own workloads in the cloud —despite the shared responsibility security measures offered by Amazon Web Services. When asked about the specific cloud security challenges, cybersecurity professionals in our survey are highlighting the risk of data loss and leakage (63%), threats to data privacy (tied at 63%), and dealing with legal and regulatory challenges (40%) as the top three security concerns.

#2 – Security Decision Making Primarily Centralized According to AWS Security Report 2020

Security decision-making responsibilities are often spread between multiple teams. Half of all organizations surveyed maintain a centralized InfoSec organization that is responsible for deciding on security strategy, tools, and implementation practices. However, IT operations teams and DevOps also have a say in many organizations.

While there is no “best answer” for security team structure, roles, and responsibilities, it’s important that all teams involved with security are working together and operating from a shared strategy and set of objectives.

Figure: 50% of companies maintain a centralized information security organization

#3 Cloud Security Budgets are Increasing to Meet Demand

As more organizations integrate with AWS cloud infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings, they are recognizing a growing need to secure their investments. The majority of organizations surveyed indicated an increase in cloud security budgets, while many others anticipated a similar spend to the previous year. Only 5% of those surveyed stated that they would spend less on cloud security.

Figure: The majority of companies will continue investing in cloud security, many with moderately increased budgets

#4 Cloud Compliance Presents New Challenges According to AWS Security Report 2020

Regulatory compliance is already a challenge for many organizations, and the move to cloud further complicates the standards and compliance process. Of the eight identified compliance processes, 44% of survey respondents state that undergoing audit/risk assessments within the cloud environment is the most challenging. Monitoring for compliance with policies and procedures follows closely at 42%.

Figure: Audit and risk assessment top the list of compliance challenges in the cloud

Get the Full Cybersecurity Insiders 2020 AWS Cloud Security Report

As promised, you can get your complimentary copy of the Cybersecurity Insiders 2020 AWS Cloud Security Report for a deeper dive into the top cloud security concerns faced this year. You’ll also discover why industry experts are moving toward cloud-native security solutions to better secure their public, hybrid, and multi-cloud environments.