HelpNet

Help Net Security discusses the state of CSPM

OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. The report is based on survey responses from 253 full-time, US-based, IT professionals who develop, and either deploy or manage enterprise cloud applications or infrastructure.

cloud security posture

“These findings confirm what we’ve observed firsthand — cloud security is a major challenge,”

said John Grange, CTO, OpsCompass.

“Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security.”

Cloud security posture challenges

  • Multi- or hybrid-cloud infrastructure drives security and management challenges. 91% say they are working with multi-or hybrid-cloud infrastructure. When combined, 47% are concerned with visibility, misconfigurations, configuration drift, and an overall gap in cloud-management skills. 29.3% are concerned about managing identity and security baselines.
  • Cloud security posture confidence is high, yet most have experienced a cloud-related breach. 68% said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities while 55% reported experiencing a breach. Top threat concerns include malware, ransomware, malicious insiders, and compromised accounts.
  • CSPM awareness and adoption are growing. 86% of respondents have grown more favorable about CSPM, and many are hearing about it from colleagues and influencers. 29% need better visibility and compliance management and are interested in switching CSPMs, while 38% are looking to adopt CSPM solutions for the first time.
  • Top cloud security priorities for 2021 center around improving proactiveness. Getting ahead of issues before they result in a security breach is leading a majority to invest in improving real-time monitoring and detection of misconfigurations, increasing the use of automation, and enhancing effective communications between DevOps, security, and compliance teams.