Cloud Data Breach – Most CISOs Indicate Security Misconfiguration as a Critical Challenge

Cloud Data Breach – Most CISOs Indicate Security Misconfiguration as a Critical Challenge

Most US companies had suffered a minimum of one cloud data breach over the past 18 months, reports Emertic.

Cloud data breaches are surging – nearly 80% of the US organizations have encountered at
least one cloud security breaches in the last 18 months, and 43% of companies reported ten or more such incidents. The findings are from the latest research study, titled “IDC Cloud Security Survey Highlights” conducted by Ermetic in participation with IDC survey. IDC interview around 300 CISOs, from leading organizations with 1500 to over 20,000
employees across various industries – to understand the rising cloud security concerns and
level of risks associated.

According to the surveyed CISOs, the major concerns linked to cloud safety environments
are –
a] Security misconfiguration (67%),
b] Lack of visibility with activities and access settings (64%)
c] Identity and access management (IAM) permission flaws (61%)

Meanwhile, about 80% said that they are unable to find excessive access to sensitive data or information in IaaS/PaaS environments.

Security configuration issues are a common phenomenon in the cloud space with the
the increasing complexity of deployments and interest from cybercriminals or researchers.
Many users and applications pile up access permissions beyond their legitimate
requirements for the business needs. Generally, this is steered by the dynamic interface and on-demand nature of the public cloud infrastructure deployments. Excessive access
permissions can go unnoticed as they are granted by default – whenever a new resource or
any service is included in the cloud environment. For attackers, this is the primary target as
they can be used for various malicious activities – including delivering malware, stealing
sensitive data, or causing damage in business operations.

Some other key highlights from the study are:

a] The major cloud security priorities were identified as – compliance monitoring (78%),
permission and authorization management (75%), and security configuration
management (73%).

b] Prioritized cloud access security involves maintaining the confidentiality of the
sensitive data (67%), regulatory compliance (61%), and allowing the right level of
access (53%).

c] IDC found that the top cloud access security challenges include insufficient expertise
(66%), integrating disparate security tools (52%), and a lack of technology solutions
that can meet their needs (39%).

Shai Morag, CEO at Ermetic as mentioned in the company blog post, “Even though most of
the companies surveyed are already using IAM, data loss prevention, data classification, and privileged account management products, more than half claimed these were not adequate for protecting cloud environments. In fact, two-thirds cited cloud-native capabilities for authorization and permission management, and security configuration as either a high or an essential priority.”