Misconfiguration is the most likely cause of a cloud security incident, cybersecurity professionals said in a new study, placing it far ahead of exposed data or account compromise.
The 775 respondents in Check Point Software’s newly released 2022 Cloud Security Report made it clear that many organizations are struggling to bring security into the DevOps cycle.
What’s the key takeaway from the study? More than half (54%) of the security pros in the study said that engaging with a third-party security vendor, such as managed security service providers (MSSP), rather than the platform provider itself would best suit their organization's cloud security needs.
Why third-party security providers? The simple answer: Less complexity. More than half (56%) of respondents said it is a key consideration for deciding to rely on a third-party solution provider or a cloud native security solution.
That nearly half (45%) are also beset by a skills shortage of trained security staff and managing cloud infrastructures across multiple platforms further magnified the issue: Only 16% of respondents said they had comprehensive DevSecOps in place and 37% were just starting to implement DevSecOps into their cloud application development process, the data showed.
Here are some other top-line data from the survey:
- Cloud security incidents in 2021 were up 10% from the previous year with 27% of organizations now citing misconfiguration, far ahead of issues like exposed data or account compromise.
- Only 16% of respondents said they had comprehensive DevSecOps in place and 37% were just starting to implement DevSecOps into their cloud application development process.
- The complexity of managing three or four different security platforms among the respondents suggests that an independent cloud security solution--as from MSSPs--to streamline security across all cloud platforms is the best choice for organizations.
- Respondents ranked ensuring data protection and privacy for each environment at 57%, having the right skills to deploy and manage a complete solution across all cloud environments at 56%, and understanding service integration options at 50%.
- The need for application protection in the cloud with those capabilities rose by 11% in the last year to become the 3rd highest area of focus as cited by 53% of the respondents.
- 57% of respondents expect to run more than half their workloads in the cloud within the next 12 to 18 months. Of those, some 76% were using two or more cloud providers.
- 75% of organizations favor a single unified security platform with a single dashboard where they can configure all the policies needed to protect data in the cloud. Currently 80% have to juggle at least three separate security solution dashboards to configure their enterprise cloud footprint.
“Faced with the skills shortage, organizations need to do everything they can to simplify their cloud security management,” said TJ Gonen, Check Point cloud security vice president. “An integrated third-party solution that covers all cloud platforms with a single management dashboard would relieve much of the pressure and reduce the risk of increasingly common misconfigurations, while also reducing workloads and providing the security environment to develop, deploy and manage applications in the cloud.”