London, UK – August 22, 2019 – With the recent exposure of a huge data breach affecting US bank Capital One, cloud security has once again been put under the spotlight. However, a recent survey from Outpost24 has revealed that many companies today would be unable to detect abnormalities in their cloud environment, while 37 percent have already experienced a cyberattack on their cloud systems. As more organisations embrace digital transformation and migrate to the cloud – the results of the survey highlight the lack of security hygiene when it comes to cloud environments.
The study, which was carried out at Infosecurity Europe in June 2019, studied the attitudes of 300 security professionals and also revealed that over a quarter (27 percent) of organisations do not know how quickly they could tell if their cloud data had been compromised, while 11 percent said a compromise on their on-premise data would be much quicker to detect, indicating some organisations are still relying solely on cloud service providers to protect their cloud data.
Other survey findings revealed that 42 percent of security professionals believe their on-premise data is more secure than their cloud hosted data, while 19 percent of organisations only carry out security testing on their cloud environment annually and a staggering 11 percent never run any security testing at all.
“The cloud offers organisations huge benefits in terms of cost savings and scalability, however security in these environment should never be overlooked,” said Bob Egner, VP at Outpost24. “Organisations should treat their cloud assets just as they would their on-premise assets and apply all the same security principles of vulnerability and application security assessment, plus checks for cloud misconfigurations and security posture. It is extremely important to understand the shared responsibility model and what cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure can and cannot offer in terms of security, as ultimately the responsibility of protecting your data and cloud workloads lies with you, the organisations using the cloud services.”
The study also asked respondents about how many of their products and applications are running in the cloud and 34 percent said more than half, while 15 percent said all their assets were running in the cloud.
“Our survey clearly shows that many organisations today are heavily reliant on the cloud, and often multi-cloud, which makes it difficult to apply and homogenise the correct security controls across multiple cloud service providers. Security testing should be continuous across the entire technology stack, including the cloud. Running automated and continuous testing is the best way to identify if cloud data is being accessed by anyone maliciously and to help spot any misconfigurations in real-time which could put the data at risk,” continued Egner.
Notes to editor:
This survey was carried out in June 2019 at the Infosecurity Europe Conference in London and studied the attitudes of 300 security professionals.
For more information on the study, please visit: http://bit.ly/2L9MSaV
Outpost24 is a leading cyber assessment company focused on enabling its customers to achieve maximum value from their evolving technology investments. By leveraging our full stack security insights to reduce attack surface for any architecture, Outpost24 customers continuously improve their security posture with the least effort. Over 2,000 customers in more than 40 countries around the world trust Outpost24 to assess their devices, networks, applications, cloud and container environments and report compliance status for government, industry sector, or internal regulations. Founded in 2001, Outpost24 serves leading organizations across a wide range of segments including financial and insurance, government, healthcare, retail, telecommunications, technology, and manufacturing.