Do not let yourself be spammed with unnecessary SMS, buy a virtual number for receiving SMS!
The Cloud Threat Report 2019 is based on a survey of cybersecurity professionals and IT professionals from more than 450 organizations in North America, the UK, Australia, and Singapore.
The study shows that 70% of organizations use more cloud-critical business services than last year, and it is estimated that the number of companies that have at least half of the data in the cloud will increase 3.5 times from 2018 to 2020. . % of respondents said that most of the data stored in the cloud will be confidential, compared to 50% in the previous year.
On the other hand, there is still a significant security gap, and one of the biggest challenges is the shared responsibility security model, where both cloud client and cloud service provider play a role in protecting infrastructure and applications.
The cloud service provider is typically responsible for virtualization, network, infrastructure, and physical security, and the user is responsible for data security, identity management, and access. The security of applications and guest operating systems may be the responsibility of the user or provider, depending on the type of service.
However, the survey shows that about half of the respondents are embarrassed by their obligations, even people who should be the most knowledgeable, such as CISO and CIO. Oracle says that only 10% of CISO and 25% of CIO fully understand this security model.
The fact that the shared responsibility model differs depending on the type of service provided — either software as a service (SaaS), or infrastructure as a service (IaaS), or platform as a service (PaaS) —can make things even more confusing for cloud computing users and almost 90% recognize that understanding the differences between these types of services is a serious problem.
This confusion led to the emergence of malware (34% of respondents), increased audit risk (32%), unauthorized access to data (30%) and unauthorized or improperly configured systems that compromise (29%). Overall, according to the report, 82% of cloud computing users have encountered a security issue due to confusion.
Other serious issues organizations face include detecting and responding to security incidents in the cloud, lack of skills, lack of coherence between IT and security operations, unauthorized use of cloud services, and lack of visibility.
Cloud Security Issues
When it comes to their ability to analyze security event data on a scale, only 12% think that they are able to analyze more than 75% of the data, and there is a discrepancy between what practitioners say (only 8% think that they have this ability) and what CIOs say (16% said their organization can do this). More than 40% of respondents believe that they can analyze 40% or less of security event data.
When it comes to patches, many organizations admit that they can postpone a patch to the production system if downtime affects the ability to comply with service level agreements or software compatibility issues arise due to lack of approval from different groups, or if the risk of operation is low . These concerns are largely based on incidents that have struck respondent organizations over the past two years.
Nevertheless, patch management plays an important role for most organizations: 43% said they had already implemented automatic patch management, and 46% said they planned to do this in the next 1-2 years.