Maintaining secure configurations in the cloud is difficult

Majority believe human error could cause exposure of cloud data, indicating need for more automation.


Tripwire has published the results of a survey on the implementation of cloud security best practices. Conducted by Dimensional Research last month, the survey evaluated the opinions of 310 security professionals.  

According to the survey, a number of organisations face shortcomings in monitoring and securing their cloud environments. A majority of security professionals (76%) said they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse than in other parts of their environment. Almost all (93%) are concerned about human error causing accidental exposure of their cloud data.

Attackers are known to run automated searches to find sensitive data exposed in the cloud, making it critical for organisations to monitor their cloud security posture on a recurring basis and fix issues immediately. However, Tripwire’s report found that only 21% of organisations assess their overall cloud security posture in real time or near real time. While 21% said they conduct weekly evaluations, 58% do so only monthly or less frequently. Despite widespread worry about human error, 22% still assess their cloud security posture manually.

“Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Fortunately, there are well-established frameworks, such as CIS benchmarks, which provide prioritized recommendations for securing the cloud. However, the ongoing work of maintaining proper security controls often goes undone or puts too much strain on resources, leading to human error.” 

Most organisations utilize a framework for securing their cloud environments - CIS and NIST being two of the most popular - but only 22% said they are able to maintain continuous cloud security compliance over time. While 91% of organisations have implemented some level of automated enforcement in the cloud, 92% still want to increase their level of automated enforcement.  

Additional survey findings show that automation levels varied across cloud security best practices: 

  • Only 51% have automated solutions that ensure proper encryption settings are enabled for databases or storage buckets. 

  • Less than half (45%) automatically assess new cloud assets as they are added to the environment. 

  • A slim majority (51%) have automated alerts with context for suspicious behavior.
