IT Pros Name Misconfiguration #1 Cloud Security Threat

Configuration errors are the number one threat to cloud security, according to a new poll of IT and security professionals by Check Point.

The security vendor interviewed 653 industry professionals to compile its 2020 Cloud Security Report.

Three-quarters (75%) claimed to be “very” or “extremely” concerned about cloud security, with most (52%) believing that the risks are higher in the public cloud than on-premises.

The top four threats were cited as: misconfiguration (68%), unauthorized cloud access (58%), insecure interfaces (52%), and account hijacking (50%). 

These security concerns have created multiple barriers to further adoption of cloud services. The top inhibitor of adoption was a lack of qualified staff (55%), up from fifth place last year.

This may go some way to explaining respondents’ concerns around configuration errors, especially as 68% of these organizations are using two or more public cloud providers — adding to the complexity.

Other top barriers included budget constraints (46%), data privacy issues (37%), and a lack of integration with on-premises security (36%).

The number of organizations struggling with existing security tools also rose from last year, from 66% to 82% — indicating that many may still be trying to apply on-premises technologies to cloud environments.

The good news is that despite the current macroeconomic climate, 59% of organizations expect their cloud security budget to increase over the next 12 months, with respondents on average allocating 27% of their security budget to cloud security.

“The report shows that organizations’ cloud migrations and deployments are racing ahead of their security teams’ abilities to defend them against attacks and breaches. Their existing security solutions only provide limited protections against cloud threats, and teams often lack the expertise needed to improve security and compliance processes,” said TJ Gonen, head of cloud product line at Check Point. 

“To close these security gaps, enterprises need to get holistic visibility across all of their public cloud environments, and deploy unified, automated cloud-native protections, compliance enforcement and event analysis.”

Cloud security posture management (CSPM) tools are widely viewed as a best practice way to help mitigate the risk of misconfigurations. One provider, Trend Micro, claims that its Cloud One- Conformity product detects 230 million of these errors every single day.

What’s Hot on Infosecurity Magazine?