Despite the numerous benefits companies are reaping from the cloud, such as: scalability and flexibility, effectively securing the cloud continues to be a challenge.
The survey shows that misconfigurations are the top cloud security issue, with 59 percent of respondents. Not only do these misconfigurations leave organizations vulnerable, they also prevent them from realizing the full potential of the cloud.
48 percent increase in cloud-based network attacks
Not surprisingly, organizations are rapidly expanding their cloud footprint: 58 percent plan to store more than 12 percent of their workload in the cloud within the next 18 to 50 months. However, the survey points to a pressing concern: 72 percent of respondents have trouble managing access to multiple security solutions, creating confusion and compromising the security of cloud management.
The increasing complexity of understanding and protecting the cloud threat surface has become a major concern for IT leaders as vulnerabilities are left unchecked. Malicious actors are taking advantage of these challenges, according to Check Point Research's report, which predicted a staggering 2022 percent year-over-year increase in cloud-based network attacks in 48.
Too high complexity, lack of transparency and control
The survey shows that companies have implemented various technologies and strategies to manage their complex cloud environments. However, the complexity and lack of transparency and control lead to confusion. A worrying trend: 26 percent of organizations have 20 or more security policies in place, leading to alert fatigue and hampering response teams' ability to effectively address high-risk incidents.
Most notably, 90 percent of respondents prefer a single cloud security platform that simplifies management. Additionally, an overwhelming 71 percent of organizations have more than six security policies in place, with 68 percent finding the multitude of alerts due to the use of multiple tools overwhelming, underscoring the need for a comprehensive and collaborative cloud security solution.
Risk: Cloud misconfigurations
“Our survey found that cloud misconfigurations are the top concern of today's CISOs. However, what sets successful cloud security organizations apart is the ability not only to identify misconfigurations, but also to understand their contextual relevance and prioritize their remediation,” said TJ Gonen, VP of Cloud Security at Check Point Software Technologies.
“Understanding which misconfigurations really pose a risk to business operations is critical. Equally important is the ability to quickly and effectively remediate these vulnerabilities to maintain a strong security posture. It is imperative for organizations to choose a comprehensive solution that goes beyond superficial detection.”
Key findings from the 2023 Cloud Security Report include:
Biggest Challenges: Misconfiguration of cloud platforms or improper setup (59 percent) is the top security threat, followed by exfiltration of sensitive data (51 percent), insecure interfaces/APIs (51 percent), and unauthorized access (49 percent).
Security incidents in the cloud: Twenty-four percent of respondents reported security incidents related to the public cloud, with misconfigurations, account compromise, and vulnerability exploits being the most common incidents.
Management of cloud configuration and security policies: While 62 percent of organizations use native cloud tools for configuration management, 29 percent rely on dedicated cloud security posture management (CSPM) solutions.
DevSecOps, CIEM and unified security management: 37 percent of respondents have adopted DevSecOps in specific areas of their organization, while 19 percent have implemented a comprehensive program.
Robust security measures required
The report concludes by noting the need for organizations to proactively address cloud security challenges. In a cloud environment, the scale, speed and reach of operations are amplified, necessitating robust security measures. Check Point CloudGuard takes advantage of unification and contextual intelligence, enabling organizations to run actionable security and smarter prevention.
About the survey:
The Cloud Security Report 2023 was conducted in April 2023 among 1052 cybersecurity professionals from North America, Europe, Asia Pacific and other countries. Respondents were a diverse mix of executives, IT security professionals and employees from companies of different sizes and from different industries. The survey examines how companies using cloud services address security issues and what certifications, training and best practices are prioritized by IT security leaders.
Go straight to the Cloud Security Report on CheckPoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.