A new report released by cybersecurity specialist Sophos provides worrying figures about the poor state of cloud security at enterprises globally, claiming that 70% of organizations experienced a public cloud security incident in the last year.
Such incidents range from ransomware and other malware (50%) through to exposed data (29%), compromised accounts (25%) and "cryptojacking" (17%).
One interesting stat is that organizations running multicloud environments are over 50% more likely to suffer a cloud security incident than those running a single cloud.
Some 73% of the organizations surveyed were using two or more public cloud providers, such as Microsoft Azure, Oracle Cloud, Amazon Web Services (AWS), VMWare Cloud on AWS, and Alibaba Cloud, and possibly also Google Cloud and IBM Cloud. They reported more security incidents than those using a single platform.
Sophos commissioned research specialist Vanson Bourne to carry out the survey of 3,251 IT managers across 26 countries who are using the public cloud.
The research also found that data loss and leakage is listed as the one of the biggest cloud security concerns for global organizations. Around 59% of the breaches were said to be the result of cloud misconfiguration, while 38% were from cloud account credentials being stolen. About 21% of respondents are concerned that current cloud security products cannot keep up with their company's development teams.
Notably, European organizations suffered the lowest percentage of security incidents in the cloud, an indicator that compliance with General Data Protection Regulation (GDPR) guidelines is helping to protect them from being compromised. India, on the other hand, fared the worst, with 93% of organizations being hit by an attack in the last year.
Chester Wisniewski, principal research scientist at Sophos, expressed some concern that many organizations "still don't understand their responsibility in securing cloud data and workloads. Cloud security is a shared responsibility, and organizations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers."
At the same time, Sophos said the fact that 96% of respondents admit to concern about their current level of cloud security is "an encouraging sign that it's top of mind and important." Less encouraging is the fact that only one in four respondents view lack of staff expertise as a top concern.
For more on this topic, see:
- Verizon, Vodafone flesh out edge computing opportunity with AWS
- Evolving to a Telco Converged Cloud for a Worry-Free 5G SA
- Asia cloud slowdown 'not a positive' for economic recovery
- Clearing up my view of the telco cloud
- Case Study: How Service Providers Can Deploy a Cloud-Based Security Service at a Low Cost
- Cisco Slammed on Security Performance
— Anne Morris, Contributing Editor, Light Reading