Enterprises under-resource cloud security despite increased risks
Even though half of respondents have spent $10 million or more on cloud services over the last three years, 32 percent say they are doing less than they need to in order to secure their cloud resources.
"Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32 percent of those surveyed are not actively working to solve these challenges," says Mike Osterman, founder, president and principal analyst at Osterman Research. "This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained and budget-constrained, which results in the inability to address all of their vulnerabilities and risks. Even for those that do have budget available, poor risk decisions can further complicate cloud security."
When asked to rate the severity of threats, bad actors and cybercriminals came top on 46 percent, followed by hidden risks and lack of visibility on 44 percent, and data loss on 43 percent.
Misconfiguration is a leading cause of breaches (37 percent) and the complexity of environments is cited as the leading reason they occur (53 percent). Lack of education and training, shortage of IT staff and human error are other reasons. Over-privileged identities and unauthorized access are also cited as being behind breaches.
The full research is available from the Sonrai site and there's an infographic summary of the findings below.