Half of security pros believe risks in the cloud greater than on-prem: Survey

With organizations increasingly moving to the cloud, it’s not surprising that threat actors are increasingly attacking cloud-based applications.

New research from Venafi shows how deep the problem may be.

According to a survey released Wednesday, 81 per cent of security decision-makers it questioned said their firm had experienced a cloud-related security incident over the last 12 months. Almost half (45 per cent) said their organization suffered at least four incidents.

“The underlying issue for these security incidents is the dramatic increase in security and operational complexity connected with cloud deployments,” Venafi concludes.

Venafi, a provider of machine identity management solutions, surveyed just over 1,100 security decision makers across the United States, United Kingdom, France, Germany, Benelux (Belgium, Netherlands, Luxembourg) and Australia.

Related content: Three keys to improving cloud security

Respondents said 41 per cent of their applications were hosted in the cloud, and expect that percentage to grow to 57 per cent over the next 18 months.

Just over half of the respondents believe security risks are higher in the cloud than on-premises.

The most common cloud-related security incidents respondents have experienced are:

  • security incidents during runtime (34 per cent);
  • unauthorized access (33 per cent);
  • misconfigurations (32 per cent);
  • major vulnerabilities that have not been remediated (24 per cent);
  • a failed audit (19 per cent).

The study also showed that responsibility for securing cloud-based applications varied widely across the organizations respondents work for. Enterprise security teams (25 per cent) were the leading group, followed by operations teams responsible for cloud infrastructure (23 per cent), a collaborative effort shared between multiple teams (22 per cent), developers writing cloud applications (16 per cent) and DevSecOps teams (10 per cent). “However,” Venafi said, “the number of security incidents indicates that none of these models are effective at reducing security incidents.”

When asked who should be responsible for security of cloud-based applications, there was still no clear consensus. Twenty-four per cent of respondents said responsibility should be shared between cloud infrastructure operations teams and enterprise security teams, while 22 per cent said it should be shared with multiple teams, followed by developers writing cloud applications (16 per cent), and DevSecOps teams (14 per cent).

“The challenges with shared responsibility models are that security teams and development teams have very different goals and objectives,” says Venafi. “Developers need to move fast to accelerate innovation while security teams often do not have visibility into what development teams are doing. Without this visibility, security teams cannot evaluate how those controls stack up against security and governance policies.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.