Survey: Most Security Pros Said Their Orgs Struggled with Cloud Configs
A recent survey conducted by Tripwire at Black Hat USA 2019 provided crucial insight into how industry pros view cloud security today.
The study surveyed security professionals attending Black Hat Las Vegas 2019, and also revealed that 75 percent think it’s easy to accidentally expose data publicly through the cloud.
Tim Erlin, vice president of product management and strategy at Tripwire, said:
“While cloud providers may take responsibility for securing their infrastructure, moving to the cloud doesn’t absolve you from the responsibility of protecting your own data. The cloud doesn’t magically protect the data and systems that you put in there. There’s a new incident reported every few weeks that stresses the need to extend basic security controls to cloud environments. Organizations need to ensure they’re implementing critical security controls regardless of where the systems reside.”
Other key results from the survey include:
- 28 percent stated the “shared responsibility” models for security that are being touted by cloud service providers for their customers are not clear
- Organization manage a complex, mixed environment. More than three-fourths (77 percent) of professionals said that their organization had more than 10 percent of their workloads in the cloud, but only 13 percent said that more than three-quarters of their organization’s data/workload resided the cloud.
- Only 54 percent of security professionals said they had configuration management in place for the cloud, and just 49 percent had file integrity monitoring (FIM) capabilities enabled for the cloud – which could alert to inadvertent exposure of cloud data to the public.