Some 76 percent of organizations are highly concerned about cloud security threats, according to a Check Point survey, as global cloud-based cyberattacks increase by 48 percent.
Top challenges include misconfigured or improperly set up cloud platforms (59%) as the most serious security threat, followed by sensitive data breaches (51%), insecure interfaces/APIs (51%) and unauthorized access (49%). Check Point Software Technologies, a leading global provider of cybersecurity solutions, in partnership with research firm Cybersecurity Insiders, said in its 2023 Cloud Security Report.
Twenty-four percent of respondents reported experiencing a public cloud-related security incident, with misconfigurations, compromised accounts, and exploits being the most common incident types.
cloud native tools
While 62 percent of organizations leverage cloud-native tools for configuration management, 29 percent rely on a dedicated cloud security posture management solution (CSPM).
Thirty-seven percent of respondents have adopted DevSecOps in some area of their organization, while 19 percent have implemented a comprehensive plan.
Based on an extensive survey of more than 1,000 cybersecurity professionals worldwide, the report provides key insights into the current state of cloud security management, highlighting pervasive challenges and opportunities.
While organizations gain many benefits from the cloud, such as scalability and flexibility, effectively securing the cloud remains a challenge. According to the survey, misconfiguration is the leading cloud security concern, affecting approximately 59% of respondents. These misconfigurations not only leave organizations vulnerable, but also hinder their ability to fully utilize the cloud’s potential.
Expand cloud assets
Not surprisingly, enterprises are rapidly expanding their cloud assets, with 58 percent planning to store more than 50 percent of their workloads in the cloud within the next 12 to 18 months.
The growing complexity of understanding and securing the cloud threat surface has become a major concern for IT leaders, leaving vulnerabilities unchecked. Malicious actors are taking advantage of these challenges, as the Check Point research report demonstrates.
The survey revealed that organizations have implemented a variety of technologies and strategies to manage their complex cloud environments. However, complexity and lack of visibility and control lead to confusion. Twenty-six percent of organizations have 20 or more security policies in place, leading to alert fatigue and hindering response teams’ ability to effectively respond to high-risk incidents.
Notably, 90 percent of respondents said they would prefer a single cloud security platform that simplifies management. Additionally, an overwhelming 71% of organizations have six or more security policies in place, with 68% finding themselves overwhelmed by the volume of alerts due to the use of multiple tools, emphasizing the need for a comprehensive and collaborative cloud security solution.
“Our survey found that cloud misconfigurations are the top concern of CISOs today. However, successful cloud security organizations are unique not only in their ability to identify misconfigurations, but also in their ability to grasp their contextual relevance and prioritize solutions ,” said TJ Gonen, vice president of cloud security at Check Point Software Technologies.
“Understanding which misconfigurations truly pose a risk to business operations is critical. So is the ability to address these vulnerabilities quickly and efficiently to maintain a strong security posture. Enterprises must opt for comprehensive solutions that go beyond superficial detection.”
The report concludes by emphasizing the need for organizations to proactively address cloud security challenges. In a cloud environment, the scale, speed, and scope of operations are amplified, requiring robust security measures. Check Point CloudGuard harnesses the power of unification and contextual intelligence to enable organizations to drive actionable security and smarter prevention. — trade arab news agency