We recently announced the results of a report we conducted on cloud security and management challenges. The “2021 State of Cloud Security Posture Management Report” is based on survey responses from 253 full-time, US-based, IT professionals who develop, and either deploy or manage Enterprise cloud applications or infrastructure.
“These findings confirm what we’ve observed first-hand — cloud security is a major challenge,” said John Grange, CTO, and co-founder of OpsCompass. “Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security.”
The State of Cloud Security Posture Management Report also revealed that 97% of cloud professionals have some level of confidence in how their organization is handling their cloud security. Yet over half of them have experienced a breach in their security, and over one-third replied that they wouldn’t be surprised if their organization made the news for a major failure. This could result not only in a major loss of data and the potential for service downtime, but a loss of reputation as well.
Where is the disconnect? How can you have high confidence in systems that aren’t truly secure? Cloud professionals might be overconfident in their organization’s ability to secure their cloud, but it’s hard to blame them because when it comes to cloud security it’s easy to develop a false sense of security. Multi-cloud security is both multi-dimensional and complex, so one can feel confident across a certain dimension, like Network Security, but be lacking in areas like Identity and Access Management or visibility into increasingly rapid deployments — approaches that ignore this paradigm in favor of more traditional approaches can set an organization up for disaster.
Key findings in the report include:
- Multi- or hybrid-cloud infrastructure drives security and management challenges. A majority (91%) say they are working with multi-or hybrid-cloud infrastructure. When combined, many (47%) are concerned with visibility, misconfigurations, configuration drift, and an overall gap in cloud-management skills. Some, (29.3%) are concerned about managing identity and security baselines.
- Cloud security posture confidence is high, yet most have experienced a cloud-related breach. A majority (68%) said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities while most (55%) reported experiencing a breach. Top threat concerns include malware, ransomware, malicious insiders, and compromised accounts.
- CSPM awareness and adoption are growing. A vast majority of respondents (86%) have grown more favorable about CSPM, and many are hearing about it from colleagues and influencers. Some (29%) need better visibility and compliance management and are interested in switching CSPMs, while (38%) are looking to adopt CSPM solutions for the first time.
- Top cloud security priorities for 2021 center around improving proactiveness. Getting ahead of issues before they result in a security breach is leading a majority to invest in improving real-time monitoring and detection of misconfigurations, increasing the use of automation, and enhancing communications between DevOps, Security, and Compliance teams.
To download a full report with an analysis of the key findings, please visit: https://discover.opscompass.com/state-cspm.