Tenable recently unveiled their Cloud Security Outlook, with a focus on helping users gain control over cloud security gaps by determining the most critical risks and establishing mitigation priorities. Some of the highlights of the report include:
- 95 percent of those surveyed have suffered a cloud breach, with 58 percent reporting actual harm from exposed sensitive data. An additional 29 percent reported that the breach caused “significant” harm, which is defined as any adverse consequences to someone or an organization. Tenable states that these findings “highlights the critical need for robust cloud security measures and a proactive approach to address the full scope of vulnerabilities that potentially exist in the rapidly evolving threat landscape.”
- Each responded experienced an average of 3.6 unique cloud breaches.
- 57 percent of manufacturers reported a cloud-based security breach.
- Of the organizations that had cloud-related breaches, 99 percent cited identities and permissions risk as the cause. The biggest challenges to securing identities and permissions included a lack of visibility (53 percent); difficulty managing a multi-cloud environment (50 percent) and DevOps fearing that “security will break something” (43 percent).
- When asked about current real and perceived risks to their cloud infrastructure, respondents again focused on insecure human/service identities and risky permissions (39 percent), with additional concerns including workload vulnerabilities or runtime threats (32 percent); ransomware attacks (31 percent); supply chain attacks against the cloud (30 percent) and insecure APIs (23 percent).
- Cloud security is also not immune to a skills gap found throughout a number of industries, including manufacturing. The report cited 95 percent of respondents were affected by a lack of expertise in cloud infrastructure protection. Approximately 66 percent of those participating in the survey believe this lack of expertise puts their organization at risk.
- Additional challenges related to cloud security entail visibility (53 percent); difficulties managing a multi-cloud environment (50 percent), and budget constraints (22 percent).
- Looking forward, respondents cited a number of priorities associated with improving their cloud security, including implementing a zero trust strategy (38 percent), remediating misconfigurations (38 percent), better management of identities (33 percent), detecting and evaluating ransomware attack risk (30 percent), and implementing cloud detection and response (29 percent).
To read the report in its entirety, you can click here.