Security teams struggle to keep pace with cloud threats

Misconfiguration, unauthorised access and account hijacking are the most pressing of a number of threats to public cloud environments, which are now reaching a level where security operations are finding it more and more of a challenge to keep up, according to a report.

In Check Point’s 2020 Cloud security report, which was conducted by infosec community Cybersecurity Insiders during July based on a global, self-selecting sample of 653 cyber security and IT professionals spread across organisations of varying sizes, the supplier also found there was a perception that traditional security tools offered only limited protection in complex cloud environments.

Among other things, the report found that exactly three-quarters of respondents were either “very” or “extremely” concerned about public cloud security, and 68% reported using multiple public cloud providers, meaning they had to learn multiple proprietary native security tools and management tools in their day-to-day work.

“The report shows that organisations’ cloud migrations and deployments are racing ahead of their security teams’ abilities to defend them against attacks and breaches,” said TJ Gonen, Check Point Software’s cloud product line head. “Their existing security solutions only provide limited protections against cloud threats, and teams often lack the expertise needed to improve security and compliance processes.

“To close these security gaps, enterprises need to get holistic visibility across all of their public cloud environments, and deploy unified, automated, cloud-native protections, compliance enforcement and event analysis. This way, they can keep pace with the needs of the business while ensuring continuous security and compliance.”

Security pros said the biggest threats their organisations were exposed to through their use of public cloud environments were misconfiguration (68%), unauthorised access (58%), insecure interfaces (52%) and account hijacking (50%).

In terms of security barriers to cloud adoption, survey respondents cited a lack of qualified staff, budget constraints, data privacy issues and a lack of integration with existing, on-premise security tools. In fact, an overwhelming majority of 82% said that traditional security solutions either did not work at all or were only capable of providing limited functionality in public cloud environments. This was a rise of over 15% compared to the 2019 edition of the report, most likely highlighting the increased amount of cloud adoption in the past 12 months.

Security pros also tended to perceive public cloud environments as inherently riskier than on-premise environments, albeit by a slim majority of 52%, while 17% saw lower risk and 30% reckoned the two were about the same. Nevertheless, the majority seemed to be optimistic that their cloud security budgets would increase over the next 12 months, with 59% expecting this to be the case.

Check Point noted that, on average, organisations currently allocate about 27% of their total security budget to the cloud.