The state of cloud security is improving, albeit slowly, according to results of the†2019 SANS State of Cloud Security survey†to be released by SANS Institute on†May 1, 2019.
“Organizations are continually evolving in their use of cloud services, looking to the cloud for procurement, management, and other functions,” says†Dave Shackleford, SANS senior instructor, and analyst. “Along with that movement, organizations are placing more and more sensitive data in the cloud and facing a variety of security concerns.”
More respondents’ organizations experienced unauthorized access to cloud environments or cloud assets by outsiders: 31% in 2019 compared with just 19% in 2017. And concern about that access has remained high, with 56% of 2019 respondents listing it as a concern. The concern for data breaches by cloud provider personnel dropped from 53% in 2017 to 44% this year, which may indicate some growth in trust in the providers. Other major concerns included inability to respond to incidents (52%), lack of visibility into what data is being processed and where (51%) and unauthorized access to data from other cloud tenants at 50%.
It does not appear that these concerns have translated into an increase in breaches. In 2019, 72% of respondents said they weren’t aware of an actual breach, compared with 59% in 2017. This is good news, assuming that lack of awareness isn’t an issue. While 7% just aren’t sure at all (compared with 21% in 2017), 11% said they did experience a breach, and another 11% think they’ve had one but can’t prove it. The percentage of those who have (or believe they have) experienced a breach is roughly the same as it was in 2017.
“Cloud providers are becoming more open and accommodating of security data and controls,” continues Shackleford. “And more vendor solutions are able to bridge the gap between implementations on-premises and in the cloud, providing slow but sure improvement in cloud security.”
Full results will be shared during a†May 1, 2019, webcast at†1 PM†Eastern, sponsored by†ExtraHop†and†Sysdig, and hosted by†SANS, in conjunction with the†Cloud Security Alliance. Register to attend the webcast here.
Register for the BONUS webcast on†May 7, 2019, at†1 PM†Eastern, where survey author†Dave Shackleford, Jim Revise (Cloud Security Alliance) and representatives from†ExtraHop†and†Sysdig†will talk in more depth about key issues that arose in the survey.
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and cloud security expert,†Dave Shackleford.