Major threats to cloud infrastructure security include a lack of visibility and inadequate IAM
98% of companies had experienced at least one cloud data breach in the past 18 months compared to 79% last year, according to an IDC survey. Meanwhile, 67% reported three or more such breaches, and 63% said they had sensitive data exposed.
Most organizations plan to increase their security spending
According to the 200 CISOs and other security decision makers who participated in the survey, nearly 60% consider lack of visibility as well as inadequate identity and access management a major threat to their cloud infrastructure. They cited access risk and infrastructure security among their top cloud security priorities for the next 18 months.
Meanwhile, 85% of organizations said they plan to increase their security spending this year, with a significant portion being allocated to cloud infrastructure security.
“Even though nearly 70% of companies invest more than 25 hours a week on cloud identity management, the survey found that 83% had at least one access-related cloud data breach,” said Shai Morag, CEO of Ermetic. “In fact, almost 60% of organizations said they consider lack of visibility and inadequate IAM security a major threat to their cloud infrastructure.”
An effective cloud infrastructure security strategy must focus on identities, permissions and entitlements to truly protect against risk. While many companies are using commercial – and even free – cloud provider tools to address their cloud security needs, these typically lack granular visibility and analytic capabilities.
As a result, they are unable to capture and unravel the privileges attached to human and machine identities, and lack the automation needed to remediate problems at scale and implement least privilege.
The state of cloud infrastructure security
- 98% of companies in the survey experienced a cloud data breach in the past 18 months, compared to 79% last year; while 67% reported three or more incidents
- 63% of respondents said their organization had sensitive data exposed in the cloud, this number ballooned to 85% for companies with annual cloud infrastructure budgets of $50M or more
- 83% of enterprises reported that at least one of their cloud breaches was related to access
- Access risk and cloud infrastructure security rank among the top five security priorities for companies in the next 18 months
- Nearly 70% of companies spend more than 25 hours per week managing IAM in cloud infrastructure
- 71% of organizations use commercial security tools offered by cloud providers, and reported that these tools require a lot of time. Only 20% of organizations said they are very satisfied with their cloud security posture
- 92% of companies said they tried, are trying or will try to implement least privilege in the cloud in the next 12 months
- 50% of large organizations reported they are struggling to implement least privilege. All cited their greatest barriers as too difficult and time consuming (29%), lack of personnel/expertise (29%) or multi-clouds (29%)