On the road to good cloud security: Are we there yet?

Misconfigured infrastructure is IT pros’ top cloud security concern, but they’re conflicted on how to address it in practice.

In early 2020, the “Verizon Data Breach Investigations Report” noted that the second-most common cause of data breaches behind hacking was errors such as misconfigurations. New research published by Enterprise Management Associates in January showed that IT security practitioners believe errors of the misconfiguration sort are the top risk posed to their organizations’ use of cloud services.

The research, “Securing Cloud Assets: How IT Security Pros Grade Their Own Progress,” found that among 14 different threats to cloud-based assets, the riskiest perceived threat was data loss or exposure due to misconfigured cloud infrastructure, according to 16% of respondents. Of course, the second-most risky threat to cloud-based assets was data exfiltration by malicious outsiders, at 14%.

It should be no surprise that this risk is a top concern for IT security practitioners. The movement of assets and workloads to the cloud gained real steam with the COVID-19 pandemic, which put digital transformation initiatives on steroids. Big breaches due to customer misconfiguration errors (like the CapitalOne breach in 2019) also get plenty of attention in the press, keeping IT security executives up at night.

Security Teams Appear Conflicted on Cloud Security
Although most IT security teams are well past being the department of no when it comes to cloud initiatives, many are still struggling with how to best secure those cloud-based assets — at least when they are tasked with doing so.

Others believe they are getting a handle on the problem, and the research uncovered plenty of confidence in security organizations’ ability to protect assets and workloads in the cloud.

To read the complete article, visit Dark Reading.