36 percent of organizations have suffered a serious cloud breach in the last year
A new survey of 300 cloud professionals finds that 36 percent of organizations have suffered a serious cloud security data leak or a breach in the past 12 months.
The study, conducted by security and compliance automation firm Fugue and developer tools company Sonatype, finds that eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.
In addition, 64 percent say the problem will get worse or remain unchanged over the next year. The main causes of cloud misconfiguration are seen as too many APIs and interfaces to govern (32 percent), a lack of controls and oversight (31 percent), a lack of policy awareness (27 percent), and negligence (23 percent). 21 percent say they are not checking Infrastructure as Code (IaC) prior to deployment, and 20 percent aren't adequately monitoring their cloud environment for misconfiguration.
"The adoption of IaC is a double-edged sword; it puts cloud infrastructure into the hands of developers, but also opens organizations to serious risk associated with misconfiguration," says Matt Howard, executive vice president at Sonatype. "The survey results highlight the need to empower developers with advanced security guardrails and rapid feedback to ensure that cloud infrastructure is secure and complies with relevant regulations and defined policies."
Some challenges remain the same in cloud security as elsewhere. These include alert fatigue (cited by 21 percent), false positives (27 percent), and human error (38 percent). The demand for cloud security expertise continues to outpace supply too: 36 percent face challenges in hiring and retaining cloud security experts, and 35 percent have problems sufficiently training their cloud teams on security.
When asked what they need to help deal with these issues, 96 percent say a unified policy framework would be valuable. 47 percent say they need better visibility into their environments, and 43 percent say automated compliance audits and approvals would help.
The full report is available from the Fugue site.