New research commissioned by Qualys and conducted by Dark Reading shines new light on the various ways information security professionals are coping — or struggling — with the difficulties and nuances of safeguarding cloud and SaaS assets, including measuring, communicating, and eliminating cyber risk in the cloud.
Key findings from the research include:
- Cloud adoption is ubiquitous and complex: Most organisations polled (57%) use two to three cloud service providers, and 58% have at least five corporatewide SaaS applications deployed. To secure this complex environment, the majority (60%) must manage and reconcile outputs from two or more separate cloud and SaaS security tools — a task they find challenging and suboptimal.
- Sleepless nights: Professional defenders singled out cost (54%), system reliability and performance (36%), and limited cloud-specific security staff skills (27%) as the cloud and SaaS issues that concerned them the most.
- Attacks are relentless: Moving data and applications to the cloud and adopting SaaS come with a whole set of risks. Enterprises are worried about threats such as account hijacking, phishing, ransomware and malware, data exfiltration, advanced persistent threats, and distributed denial-of-service attacks.
- Config chaos: One place just about all parties find common ground when assessing cloud and SaaS risk is in the thorny issue of misconfigurations, one of the top concerns for both cloud (24%) and SaaS (33%). The level of concern, however, appears to fall well short of the scope of the actual misconfiguration problem in the wild.
- Situational blindness: Few enterprises engage in ongoing or continuous assessment of their cloud and SaaS environments. The rest do security assessments at intervals that range largely from once a quarter (18% for cloud, 11% for SaaS) to once a year (25% cloud, 26% SaaS), and in some cases not at all.
- Difficulty patching: Enterprises are also concerned about adversaries exploiting unpatched vulnerabilities in web applications (39%) and cloud environments (23%). Almost 1 in 5 say they have difficulty applying security updates and patches, creating a situation where organisations are exposed to attack as a result of exploitable vulnerabilities.
- Sluggish response: Topping the list of IR concerns are a lack of skilled workers (49%), limited visibility into cloud and hosted environments (46%), and the inherent complexity of cloud-centric incidents (46%).
“The data shows in stark relief the real-world challenges defenders face when it comes to shoehorning traditional security practices and methods — things like managing configs and vulnerabilities, controlling access, and corralling siloed security tools — into the defences of dynamic multi-cloud and multi-SaaS environments”, commented Shilpa Gite, Senior Manager, Cloud Security Compliance, Qualys. “The research underscores the importance of a comprehensive, unified, strategic approach to cloud and SaaS security that brings together continuous scanning and vulnerability assessment, automated remediation efforts, AI-powered threat detection and response capabilities, and cross-platform risk prioritisation features”.
To enhance security posture, organisations should consider:
- Implementing continuous monitoring and assessment: Enterprises should move away from periodic assessments and adopt continuous security monitoring to identify and mitigate threats in real time. Continuous assessment helps in promptly detecting vulnerabilities that emerge due to constant updates and configuration changes in cloud and SaaS environments.
- Adopting a unified security platform: Using a single, integrated security platform to manage all aspects of security across on-premises, cloud, and SaaS environments is crucial. A unified platform provides comprehensive visibility, streamlined security operations, and consistent policy enforcement, hence reducing the risk of security gaps and inefficiencies wherever they occur.
- Enhancing identity and access management (IAM): Proper IAM practices are essential for securing access to sensitive data and systems, especially in cloud and hosted systems. Enterprises need robust IAM solutions that include multi-factor authentication, least privilege access, and regular access reviews to prevent unauthorised access and minimise insider threats.
- Leveraging automation for security processes: Automating security processes such as vulnerability scanning, patch management, configuration and change management, and incident response, significantly improves operational efficiency and reduces risk of human error. Automation especially empowers under-resourced security teams — that means most of them — to quickly address threats and maintain a mature, proactive security posture.
- Investing in advanced threat detection and response capabilities: To combat sophisticated threats such as advanced persistent threats (APTs), ransomware, and nextgen malware, enterprises should invest in AI-powered threat detection and response solutions. These advanced capabilities enable organisations to detect and respond to threats swiftly, minimising potential damage.
Download the full report to get the latest data, trends, and actionable takeaways that will help you secure your cloud stack with confidence.
Image Credit: Qualys
