News

Cloud Security Survey: Top Concern Is Data Loss/Leakage

• By David Ramel
• 07/17/2019

In a finding that probably comes as no surprise to users of the Amazon Web Services Inc. (AWS) cloud platform, a new study says data loss and leakage is the No. 1 cloud security concern.

AWS has been plagued by data leaks and breaches for years, though blame is almost always placed on user misconfiguration rather than any inherent defects in cloud security mechanisms.

The new 2019 Cloud Security Report from Cybersecurity Insiders alludes to that issue.

"While cloud service providers like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) continue to expand security services to protect their evolving cloud platforms, it is ultimately the customers’ responsibility to secure their applications and data within these cloud environments," states the report, which was sponsored by cloud security specialist Synopsys and conducted by the 400,000-member information security community.

Close behind data loss/leakage (reported by 64 percent of respondents) among top reported security concerns was data privacy/confidentiality, reported by 62 percent of respondents, after which there is a significant drop-off in other concerns:

Other highlights from the report include:

• The biggest barriers to cloud adoption are data security, loss, and leakage risk (29 percent) and general security risks (28 percent).
• Forty-three percent of respondents say monitoring for new vulnerabilities in cloud services is the most challenging part of the cloud compliance process.
• Only about one-third of respondents are very confident or extremely confident in their organization’s cloud security posture.
• The top two biggest operational, day-to-day headaches caused by trying to protect cloud workloads are compliance (34 percent) and visibility into infrastructure security (33 percent).
• The top means to protect data in the cloud include access controls (52 percent), encryption/tokenization (48 percent) and security services offered natively by the cloud provider (45 percent).
• Top cloud security priorities this year include defending against malware (25 percent), reaching regulatory compliance (20 percent) and securing major cloud apps already in use (15 percent).
• More than half of organizations (51 percent) state training and certifying IT staff ranks as the primary tactic they deploy to ensure that their evolving security needs are met.
• 24 percent of organizations consider their current security training programs to be very effective, while 39 percent would say somewhat effective.

"Overall, the findings in this report emphasize that to protect their evolving IT environments, security teams must reassess their security posture and strategies and address the shortcomings of legacy security tools and approaches," concluded the report, which was based on an online survey targeting Cybersecurity Insiders members. The report didn't specify exactly how many of the 400,000 members participated.