As several organizations are forced to shift to work from home to curb the spread of COVID-19, IT and cloud security professionals are concerned about the security of their cloud environments, according to the “State of Cloud Security” survey conducted by Fugue.
The survey revealed that 96% of cloud engineering teams are at present 100% working from home, while 83% of them completed the transition or are still in the process. It also found that 84% (who are making the shift) are concerned about security vulnerabilities created during the swift adoption of new access policies, networks, and devices used for managing cloud infrastructure remotely. Nearly 84% of IT professionals admitted that their organization has already suffered a major cloud breach that they have yet to discover (39.7% highly concerned, 44.3% somewhat concerned). While 28% of them stated that they have already suffered a critical cloud data breach that they are aware of.
In addition, the survey also highlighted that 92% are worried that their organization is vulnerable to a major cloud misconfiguration-related data breach (47.3% highly concerned, 44.3% somewhat concerned). It is estimated that over the next year, 33% believe cloud misconfigurations will increase and 43% believe the rate of misconfiguration will stay the same. Only 24% believe cloud misconfigurations will decrease in their organization.
According to Fugue, the main causes of cloud misconfiguration are:
- Lack of awareness of cloud security and policies (52%)
- Lack of adequate controls and oversight (49%)
- Too many cloud APIs and interfaces to adequately govern (43%)
- Negligent insider behavior (32%)
Challenges in Managing Cloud Misconfiguration
- Human error in missing critical misconfigurations (46%)
- Human error when remediating critical misconfigurations (45%)
- Difficulties in training team members on misconfigurations (43%)
The survey stressed that preventing cloud misconfiguration remains a challenge for cloud engineering and security teams, with 73% of them citing more than 10 incidents per day, 36% experiencing more than 100 per day, and 10% suffering more than 500 per day. It states that 3% had no idea what their misconfiguration rate is, while 73% of IT professionals rely on manual processes to defend against automated misconfiguration threats.
The survey findings are based on the responses from 300 IT, cloud, and security professionals, including DevOps engineers, cloud architects, security engineers, site reliability engineers (SREs), DevSecOps engineers, and application developers, who have hands-on experience in using Amazon Web Services, Microsoft Azure, and Google Cloud Platform for cloud computing.