Most enterprise network assets are cloud-based but policies aren't keeping pace
Nearly 90 percent of device assets in the modern organization are cloud-based, meaning physical devices such as laptops, tablets, smartphones, routers, and IoT hardware represent less than 10 percent of total devices.
However, the latest State of Cyber Assets report from JupiterOne analyzed nearly 10 million security policies and finds that cloud-specific ones represent less than 30 percent of the total.
The report finds that, on average, modern security teams are responsible for more than 165,000 cyber assets, including cloud workloads, devices, network assets, applications, data assets, and users. With cybersecurity talent in short supply, this highlights why organizations need to help their existing teams become more efficient. Most security teams pay little attention to the indirect relationships between users, devices, networks, and critical data too.
It also reveals that the average organization has well over 500 cyber assets for every human employee, making automation a requirement for security success. The average security team is responsible for 32,190 devices.
"Security automation is needed at every stage of the asset lifecycle, from asset creation to destruction," says Jasmine Henry, field security director at JupiterOne and author of the report. "Security teams need automation to identify new assets and map asset relationships to understand how real-time changes impact risk. Security teams also need to embed automated security into the DevOps pipeline, so it is easy for product engineers to set secure parameters for assets at the time of creation, such as encryption by default or data classification."
You can find out more on the JupiterOne blog and there's an infographic summary of the findings below.