Bekker's Blog

Blog archive

Survey: Public Cloud Security Incidents Becoming Commonplace

A new survey-based security research report suggests that seven in 10 organizations have experienced public cloud security incidents in the last year.

U.K.-based security company Sophos released its report, "The State of Cloud Security 2020," this week. The findings are significant due to the substantial sample size of the survey, with responses from more than 3,500 IT managers in 26 countries.

Conducted in January and February, the survey doesn't allow for any conclusions about changes in attack patterns since the coronavirus pandemic forced a shift to remote work, with its increased reliance on public cloud platforms. However, the survey reveals eye-opening trends about how common public cloud security incidents were already becoming at the beginning of this calendar year.

"Seventy percent of respondents said they had suffered a public cloud security breach in the last year," the report states. "This is extremely worrisome for organizations, with 96% of the 3,521 respondents expressing concern about their current level of security across the six major public cloud platforms."

For purposes of the survey, Sophos focused its definition of public cloud on Microsoft Azure, Oracle Cloud, Amazon Web Services (AWS), VMware Cloud on AWS and Alibaba Cloud. In addition, some respondents were also using Google Cloud and IBM Cloud.

As for how attackers are getting in, a third of the survey respondents attributed incidents to having cloud account credentials stolen. The other two-thirds of breaches resulted from a security misconfiguration. Of the misconfigurations, 22 percent involved cloud resource misconfigurations and 44 percent occurred at the Web application firewall.

Organizations using multiple public clouds may be having more trouble than those concentrating on a single cloud, the survey suggests. " Security risks inevitably multiply as organizations expand their number of cloud environments. Seventy-three percent of the organizations surveyed were using two or more public cloud providers and reported up to twice as many security incidents as those using one cloud platform," according to the report.

The full report is available here.

Posted by Scott Bekker on July 09, 2020 at 1:03 PM


Featured

  • Notebook

    Microsoft Bolsters Dynamics 365 with Suplari Acquisition

    An acquisition announced by Microsoft on Wednesday promises to bring AI solutions for assessing supply-chain spending to the Dynamics 365 product.

  • Microsoft Announces Positive Q4 Revenue Results of $46.2B

    Microsoft on Tuesday reported $46.2 billion in total revenue during its fiscal-year 2021 Q4 period, up 21% from the same quarter last year.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Kaseya Unlocking REvil-Encrypted Data Using Universal Key

    IT solutions firm Kaseya is now using a "universal decryptor key" for customers affected by a REvil ransomware attack.