While cloud adoption is on the rise, the top concern for security professionals is how to secure data in the cloud and protect against data loss (48%).
According to Alert Logic’s Cybersecurity Trends 2017 Spotlight Report, which surveyed companies in the UK, Benelux and Nordics, the next two biggest priorities for security professionals are threats to data privacy (43%) and regulatory compliance (39%).
The study also examined the top constraints faced by these organizations in securing cloud computing infrastructures. The study found that they often lack internal security resources and expertise to cope with the growing demands of protecting data, systems, and applications against increasingly sophisticated threats (42%). There are also other persistent goals: To reduce the cost of security (33%); move to continuous 24x7 security coverage (29%); improve compliance (24%); and increase the speed of response to incidents (20%).
Public cloud platform providers like Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform offer plenty of security measures, but organizations said they themselves are ultimately responsible for securing their own data and the applications running on those cloud platforms.
The results dovetail with Verizon’s recent DBIR report, which showed that attacks on web applications are now the No 1 source of data enterprise breaches, up 300% since 2014. Similarly, the report found cybersecurity professionals—more than half of survey participants—to be most concerned about customer-facing web applications introducing security risk to their business (53%). This is followed by mobile applications (48%), desktop applications (33%) and business applications such as ERP platforms (31%). Application related breaches have negative consequences and can lead to revenue loss, significant recovery expense, and damaged reputation.
“Web applications are the most significant source of breaches for organisations leveraging cloud and cloud hybrid computing infrastructures,” said Oliver Pinson-Roxburgh, EMEA director at Alert Logic. “They are complex, with a large attack surface that can be compromised at any layer of the application stack and often utilize open-source and third-party development tools that can introduce vulnerabilities into an enterprise.”
He added, “A multi-layer web application attack defence is the cornerstone of any effective cloud security solution and strategy.”