Dive Brief:
- More than 80% of organizations have experienced a cloud-related security incident over the past 12-month period, according to research from Venafi. Almost half of those organizations reported at least four incidents over the same period.
- Companies are rapidly undergoing digital transformation to the cloud. Organizations in the study currently host 2 in 5 applications in the cloud, however that figure is expected to reach 3 in 5 over the next 18 months.
- Despite those rapid changes, more than half of all organizations said they consider the risk of security incidents higher in the cloud, compared with on-premises environments.
Dive Insight:
The operational and security concerns that emerge from moving to the cloud include hijacking of accounts, ransomware, data privacy issues and nation-state attacks.
Organizations most commonly encountered security incidents during runtime, unauthorized access and misconfigurations. All were cited by about one-third of respondents.
“Attackers are now on board with businesses' shift to cloud computing,” Kevin Bocek, VP of security strategy and threat intelligence at Venafi, said in a blog post. “The ripest target of attack in the cloud is identity management, especially machine identities.”
Responsibility for maintaining cloud security has also shifted within organizations, as 25% of enterprise security teams are the most likely to manage cloud security. Operations teams accountable for cloud infrastructure account for 23%, followed by collaborative teams and DevSecOps.
The study of 1,100 security decision makers was conducted by Sapio in July. The officials were based in a range of international markets, including the U.S., U.K., France, Germany, the Benelux countries and Australia.