By Synopsys Software Integrity Group
As 2019 hits the halfway mark, the top three cloud security trends from previous years continue. In fact, they’ve grown. A survey of the 400,000 members of the Cybersecurity Insiders information security community explored what’s top of mind for these predominantly senior-level managers in IT security and IT operations:
•The top cloud security concern is data loss and leakage (64% of respondents).
•The most challenging part of cloud compliance is monitoring for new vulnerabilities in cloud services (43%).
•The biggest barrier to cloud adoption is data security, loss, and leakage risks (29%).
Public cloud security, confidence, and concerns
Top cloud providers AWS, Microsoft Azure, and Google Cloud should take note: Cloud security is a huge concern for cyber security professionals. The vast majority, as revealed in the 2019 Cloud Security Report, are moderately to extremely concerned. And they have every reason to be, faced with an upward trend in cloud security incidents, including high-profile data breaches, and the OWASP Top 10 now including a category for components known to be vulnerable.
Paradoxically, most respondents also reported being at least moderately confident in their organization’s own cloud security posture. It’s hard to reconcile this level of confidence with the challenges listed in the report. Do cyber security professionals think the problems trending in cloud security only apply to the other guys?
The top cloud security concern is data loss and leakage (64%), followed closely by data privacy and confidentiality (62%). But cyber security professionals have other cloud security issues on their minds too. Compliance, accidental credentials exposure, and data control are also high on the list of trending cloud security concerns.
Challenges of cloud compliance
Ask anyone who has ever had to deal with software standards compliance for HIPAA, PCI DSS, GDPR, or other rules and regulations concerning software security or data privacy. They’re likely to tell you that monitoring for new vulnerabilities is one of their greatest challenges. Likewise, the 2019 Cloud Security Report notes that monitoring for new vulnerabilities in cloud services is trending as the No. 1 cloud compliance challenge (43%). Following closely are surviving audits and risk assessments and monitoring for ongoing compliance.
Another cloud security trend relates to the inexorable migration of applications to the cloud. Specifically, organizations think it’s important to maintain continuous compliance when transitioning on-premises workloads in containers or virtual machines (VMs) to the cloud. Only 5% of cyber security professionals disagreed.
Barriers to cloud adoption
Regarding barriers to cloud adoption, the current trend doesn’t present itself as one specific security obstacle, or even two. Cyber security professionals profess that data security, loss, and leakage risks are the top impediment to cloud adoption (29%). But an almost equal number of respondents mentioned general security risks (28%), and budget issues, compliance, and staffing were close behind. Six of one, half dozen of the other.