Cloud Security Roundup

Cloud security risks are a big concern and are getting worse, according to four recent studies. As examples, 97% of Google Workspace users have authorized at least one third-party app to have access to their corporate Google account and 89% of organizations say that microservices, containers, and Kubernetes have created application security blind spots. Here’s a high-level review.

By Maria Colasurdo

Maria is a skilled researcher and oversees TMC benchmarking studies .

Security Pros

Cisco published a 2020 survey of 4800 security professionals asking which security practices had the biggest impact on business outcomes. They found that:

• If you want to achieve overall program success, including retention of security talent, devote resources to proactive tech refresh and integrate your technology.
• If you want a strong security culture that’s embraced by all, focus on good equipment, clear direction, accurate alerts, and timely fixes of security issues.

CISO’s

Dynatrace commissioned Coleman Parkes to conduct their 2021 Global CISO report which included input from 700 CISOs of large (>1000 employee) companies. Their findings included:

• 77% say most security alerts and vulnerabilities are false positives that don’t require actioning as they’re not actual exposures
• 67% say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact
• 57% say alerts lack information needed to ensure the most critical vulnerabilities are fixed first.

AWS Security Pros

The Cybersecurity Insiders 2021 AWS Cloud Security Report surveyed 300 security professionals to find that:

• 95% of cybersecurity professionals confirm they are extremely to moderately concerned about public cloud security.
• The top 3 concerns include Misconfiguration of the cloud platform (71%), Exfiltration of sensitive data and Insecure APIs (54%).
• >40% of organizations embrace hybrid cloud (44%) and multi-cloud deployments (43%) for planned redundancy because of commitments to legacy applications in traditional data centers. Single cloud deployments (11%) continue to diminish in importance.
• 90% of organizations use more than two cloud providers.

Executives

In their 2021 study of 4300 executives, they found that tech Leaders, the top 10% of the survey group, were growing company revenues at 5x the speed of tech Laggards, the bottom 25% of the group. The study also saw 18% of the survey group emerge as Leapfroggers, who grew at 4x the rate of the Laggards.

The Leaders, and now the Leapfroggers, demonstrate three strategies that underlie their success:

1. They move to and innovate in the

cloud.

1. They reframe, adopting innovation- led strategies.
2. They flip their IT budget allocation to favour innovation from a traditional 70/30 split for maintenance/innovation and new spending, to a 30/70 split, keeping the IT budget unchanged.

If you’d like to comment on this article or explore these ideas further, contact me at maria.