IT disaster recovery, cloud computing and information security news

Risk of cloud breaches rising, teams struggling to address them

As cloud adoption accelerates and the scale of cloud environments grows, organizational engineering and security teams say that the associated risks — and the costs of addressing them — are increasing. The findings are part of the State of Cloud Security 2021 survey conducted jointly by Fugue and Sonatype. 

The survey of 300 cloud professionals representing a variety of organizations using the cloud at scale found that 36 percent of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64 percent say the problem will get worse or remain unchanged over the next year.

“This year’s survey reveals that the complexities and dynamism of at-scale cloud environments outpace the ability of teams to keep them secure,” said Josh Stella, co-founder and CEO of Fugue. “Engineering and security teams continue to ramp up the time and resources they invest in cloud security, but say they still lack the visibility and automation they need.” 

Cloud misconfiguration mistakes: a major insider threat

The primary causes of cloud misconfiguration cited are too many APIs and interfaces to govern (32 percent), a lack of controls and oversight (31 percent), a lack of policy awareness (27 percent), and negligence (23 percent). 21 percent said they are not checking infrastructure as code (IaC) prior to deployment, and 20 percent aren’t adequately monitoring their cloud environment for misconfiguration.

Cloud and infrastructure as code security is a people problem

Traditional security challenges, such as alert fatigue (cited by 21 percent), false positives (27 percent), and human error (38 percent), play a significant role in cloud security. The demand for cloud security expertise continues to outpace supply; 36 percent cite challenges in hiring and retaining cloud security experts and 35 percent cite challenges in sufficiently training their cloud teams on security.

Securing infrastructure as code and cloud environments is costly

The adoption of IaC presents cloud teams with the opportunity to check configurations pre-deployment, with half of the teams surveyed investing 50+ engineering hours per week on IaC security. They invest the same amount of time on securing running cloud environments.  

Cloud security challenges and what professionals say they need

The lack of policies that work across the cloud development lifecycle (CDLC) from IaC through the runtime was cited as a significant issue, with 96 percent saying such a unified policy framework would be valuable. 47 percent said they need better visibility into their environments, and 43 percent said automated compliance audits and approvals would help. 

Obtain the report.


