The 2019 State of Cloud Security
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
May 3, 2019
The state of cloud security is improving — or, at the very least, it isn't backsliding. But as cloud technology grows more prevalent and more complicated, security teams are going to need to keep innovating with improved controls and integrations.
So say the experts with SANS Institute, which just put together its first comprehensive review of cloud security practices since 2017. On a positive note, SANS analyst and instructor Dave Shackleford says responses show that cloud security stances are improving.
"The news was not all doom and gloom. I was pretty excited by some of the results that came back this year because there are some shifts happening that tell me the security industry is really starting to step up," Shackleford says.
Nevertheless, increased penetration of the cloud, increasing attacker awareness of expanding opportunities to target cloud resources, and the acceleration of use of new cloud technologies are all making it tough to rest on those laurels.
"The attackers have figured out that there's a lot of cloud surface area to approach and attack," Shackleford explains. "At the same time, we've got people trying to make use of new platforms and new technologies within those platforms — things like Kubernetes, S3 buckets, and so forth."
As a result, the survey shows a big uptick in unauthorized access by outsiders into cloud environments and assets — impacting 31% of organizations so far this year compared with 19% two years ago. The good news is that while organizations are still struggling to gain visibility into cloud environments, that situation has improved. Whereas in 2017, 55% of organizations complained they were frustrated by trying to get low-level logs and systems information for forensics, that has decreased to 30% of organizations today.
To offer more insight into the report's findings, Dark Reading cherry-picked some of the best charts from the report as an overview of the highlights.
The SANS study shows the most prevalent applications running in the cloud are business apps and data, with 75.5% reporting that use case, followed far behind by storage or archiving of data, the second most popular application at 48%. Interestingly, whereas in 2017, 84% of organizations reported using workforce applications like Dropbox in the cloud, this year's report shows that number dropped to 44.7%. With so many business applications in the cloud, it should come as no surprise that some of the highest incidences of sensitive data stored in the public cloud are business intelligence, intellectual property, and customers' personally identifiable information (PII).
According to the study, the percentage of organizations that experienced a breach in the past year remained flat compared with 2017 results, impacting approximately 11% of organizations. However, the origination of attacks has shifted. Two years ago, the most common issue causing an incident or breach was a distributed denial-of-service (DDoS) attack. This year, account or credential hijacking tops the list, followed closely by misconfiguration, which also occupied the No. 2 slot in 2017.
While SANS found growth in a hybrid or services model of cloud security, with increasing use of services such as CASBs, encryption gateways, and identity management solutions, the majority of security controls are still being managed internally. That is problematic when taken in light of the fact that SANS found only 44% of organizations are using cloud provider APIs to implement security controls. When organizations do use APIs, they tend to focus on things like configuration management, logging, and identity and access management.
SANS names identity and access management as one of the most critical and growing areas of security controls for the cloud. The study shows that the approaches vary (and overlap) in how different organizations are working to maintain access control over cloud environments. The most common strategy employed is synchronizing in-house directories to public cloud directory services. That's followed by the use of identity-as-a-service (IDaaS) providers to federate access and single sign-on, and using IAM policies to control object access and application behavior.
Meantime, SANS says DevOps-style application pipelines that make use of cloud infrastructure are calling for an increased use of automated controls and monitoring tactics. Approximately 55% of respondents use some form of automation or orchestration as part of their cloud management and security regimens, including infrastructure-as-code; security automation, orchestration and response (SOAR); configuration orchestration; and serverless technologies.