Survey: Public Cloud Security Incidents Becoming Commonplace
A new survey-based security research report suggests that seven in 10 organizations have experienced public cloud security incidents in the last year.
U.K.-based security company Sophos released its report, "The State of Cloud Security 2020," this week. The findings are significant due to the substantial sample size of the survey, with responses from more than 3,500 IT managers in 26 countries.
Conducted in January and February, the survey doesn't allow for any conclusions about changes in attack patterns since the coronavirus pandemic forced a shift to remote work, with its increased reliance on public cloud platforms. However, the survey reveals eye-opening trends about how common public cloud security incidents were already becoming at the beginning of this calendar year.
"Seventy percent of respondents said they had suffered a public cloud security breach in the last year," the report states. "This is extremely worrisome for organizations, with 96% of the 3,521 respondents expressing concern about their current level of security across the six major public cloud platforms."
For purposes of the survey, Sophos focused its definition of public cloud on Microsoft Azure, Oracle Cloud, Amazon Web Services (AWS), VMware Cloud on AWS and Alibaba Cloud. In addition, some respondents were also using Google Cloud and IBM Cloud.
As for how attackers are getting in, a third of the survey respondents attributed incidents to having cloud account credentials stolen. The other two-thirds of breaches resulted from a security misconfiguration. Of the misconfigurations, 22 percent involved cloud resource misconfigurations and 44 percent occurred at the Web application firewall.
Organizations using multiple public clouds may be having more trouble than those concentrating on a single cloud, the survey suggests. " Security risks inevitably multiply as organizations expand their number of cloud environments. Seventy-three percent of the organizations surveyed were using two or more public cloud providers and reported up to twice as many security incidents as those using one cloud platform," according to the report.
The full report is available here.
Posted by Scott Bekker on July 09, 2020