As 2019 hits the halfway mark, the top three cloud security trends from previous years continue. In fact, they’ve grown. A survey of the 400,000 members of the Cybersecurity Insiders information security community explored what’s top of mind for these predominantly senior-level managers in IT security and IT operations:
Top cloud providers AWS, Microsoft Azure, and Google Cloud should take note: Cloud security is a huge concern for cyber security professionals. The vast majority, as revealed in the 2019 Cloud Security Report, are moderately to extremely concerned. And they have every reason to be, faced with an upward trend in cloud security incidents, including high-profile data breaches, and the OWASP Top 10 now including a category for components known to be vulnerable.
Paradoxically, most respondents also reported being at least moderately confident in their organization’s own cloud security posture. It’s hard to reconcile this level of confidence with the challenges listed in the report. Do cyber security professionals think the problems trending in cloud security only apply to the other people?
The top cloud security concern is data loss and leakage (64%), followed closely by data privacy and confidentiality (62%). But cyber security professionals have other cloud security issues on their minds too. Compliance, accidental credentials exposure, and data control are also high on the list of trending cloud security concerns.
Ask anyone who has ever had to deal with software standards compliance for HIPAA, PCI DSS, GDPR, or other rules and regulations concerning software security or data privacy. They’re likely to tell you that monitoring for new vulnerabilities is one of their greatest challenges. Likewise, the 2019 Cloud Security Report notes that monitoring for new vulnerabilities in cloud services is trending as the No. 1 cloud compliance challenge (43%). Following closely are surviving audits and risk assessments and monitoring for ongoing compliance.
Another cloud security trend relates to the inexorable migration of applications to the cloud. Specifically, organizations think it’s important to maintain continuous compliance when transitioning on-premises workloads in containers or virtual machines (VMs) to the cloud. Only 5% of cyber security professionals disagreed.
Regarding barriers to cloud adoption, the current trend doesn’t present itself as one specific cloud migration security risk, or even two. Cyber security professionals profess that data security, loss, and leakage risks are the top impediment to cloud adoption (29%). But an almost equal number of respondents mentioned general security risks (28%), and budget issues, compliance, and staffing were close behind. Six of one, half dozen of the other.