Qualys exposes cloud and SaaS risks

A significant number of customers are exposed to security risks as a result of challenges managing rapidly evolving environments.

According to research from by Dark Reading and Qualys, 28% of firms surveyed had suffered a cloud or SaaS data breach in the past year. Out of those hit, a third suffered multiple breaches in the past 12 months.

The research also uncovered that high levels (60%) of respondents were using more than two cloud and SaaS security tools to manage their systems, causing headaches and leading to gaps.

One of the primary causes for this high number were the difficulties many customers were facing in managing their different environments and applications, which was getting worse as digital transformation and AI was rolled out further across businesses, which presents an opportunity for the channel to provide support around this area.

Matt Middleton-Leal, managing director EMEA at Qualys, said that exposing the problem meant that the channel could provide clarity to those looking to gain more control and reduce their risk profile.

“Cloud security and SaaS application management frequently come up as significant pain points for companies, particularly around how hard it is to keep up with risks over time,” he said. “The disjointed nature of many companies’ security implementations means that their staff have real trouble in maintaining a clear security posture.

“To help customers solve these problems, partners can look at how to consolidate the data that their customers have and help them to make sense of this information faster. Making this data easier to understand so you can provide that insight into what is really at stake sounds simple, but it is much harder to get that comprehensive picture in place than it sounds.

“Working on cyber risk quantification [CRQ] with your customers can provide that path forward around how to understand which are the most pressing risks based on the financial impact that they can have on that organisation and its operations,” he added.

The research found that some of the most commons problems included misconfiguring Azure, AWS and Google Cloud resources. Some customers were also failing to add encryption to public virtual machines (VMs), with many VMs found to have critical vulnerabilities.

Human error, often responsible for misconfiguration of public cloud services, was seen by organisations as the biggest risk, followed by fears over targeted cyber attacks. Customers complained of a lack of skilled staff, having limited visibility into their cloud environments and struggling with incident complexity.

The research also revealed the top security applications concerns includes cyber attacks that exploited complexity and density of microservices, untracked communications privileges plus image and app vulnerabilities.

Middleton-Leal said that there were various directions partners could assist customers once the risks had been exposed: “Once you have helped your customer understand their risks, then you can seek out opportunities to reduce or remove those risks.

“This can be through technology sales like security tool consolidation projects, but also through consulting work around how to turn risk management into operational processes that cut across those customers’ departments.

“Getting your customers’ CISOs or security leads working with their colleagues in finance or risk can be an effective way to land and expand more revenues over time,” he added.