About one-third of respondents in a survey of RSA attendees describe the state of security monitoring within their organization as “complex and chaotic,” thanks to a lack of visibility into the cloud and proliferating internet of things (IoT) devices.
According to AlienVault’s latest report, many IT professionals are still struggling to monitor the cloud environment effectively, and no wonder: About 39% of respondents use more than 10 different cloud services within their organization, and an additional 21% don’t know how many cloud applications are being used. In addition, 40% state that their IT team is not always consulted before a cloud platform is deployed, meaning that they are unable to offer guidance and advice, or do due diligence on a platform or service.
As a result, a lack of visibility into the cloud is a significant concern for 42%.
The survey also asked participants what concerned them most about cloud security. While malware was rated as the highest concern, with 47% of respondents worrying about it, and 21% are worried about the cloud-based services they use producing “too many logs.” This finding also points to the problems associated with auditing cloud environments in the event of an incident.
That said, the survey results also reveal a major disconnect between respondents’ beliefs and their actions when it comes to cloud security and IoT. For instance, despite concerns, 47% would rather monitor a cloud environment than an on-premises one. Meanwhile, 62% indicate they are worried about IoT devices in their environment, yet 43% of respondents say their company does not monitor IoT network traffic at all. An additional 20% aren’t sure if they do or do not. Amidst this, 45% believe IoT benefits outweigh the risks.
“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way,” said Javvad Malik, security advocate at AlienVault. “If data is misused, or inadequately protected, the consequences can be severe. According to the survey findings, many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring—leaving their company at greater risk of attack.”