Enterprises under-resource cloud security despite increasing risks
While spending on cloud services is high with over half of respondents to a new survey spending $10 million or more, 32 percent say they are doing less than they need to, or nothing at all, to ensure the security of their cloud resources.
The study carried out by Osterman Research for Sonrai Security finds respondents have an average of 7,750 identities with access to sensitive cloud data. Overpriviledged identities are ranked a high risk by 41 percent of respondents, just below bad actors/cybercriminals at 46 percent.
"Typically when we hear company executives estimate the number of identities on their cloud, they are talking about people that they have given access to data," says Sonrai Security’s CISO Eric Kedrosky. "When considering the cloud, companies really need to focus on non-people identities -- roles, service principles, serverless functions and other ‘things’ -- that are given roles with access to sensitive data. These things, for which access often gets elevated unnecessarily or persists long after it should, outnumber people identities by hundreds or even thousands to one, and are the most critical threat vector in the cloud today."
Misconfiguration is a leading cause of breaches a leading cause of breaches, with 37 percent of respondents saying that they had increased significantly in the last 12 months. When asked the reasons for this, 53 percent cite the complexity of their cloud environments, followed by lack of education and training (45 percent), too few IT and security staff members (43 percent) and unexplained human error (29 percent).
You can read more on the Sonrai blog.