More than 80% of firms had cloud security incidents in the last year, says study

New research has revealed that over 80% of organisations have experienced a cloud-related security incident in the last year, with almost half suffering at least four.

The study, produced by machine identity management provider Venafi, found that security and operational complexity connected with cloud deployments could be the cause of the increased amount of security incidents.

An issue that Venafi only expects to increase with organisations currently expecting to up the amount of their applications on the cloud from 40% to over 60% in the next one and half years.

More than half of the security decision makers (SDMs) in the study see that the cloud attracts more security risks than on-premise.

The three most cloud-related security incidents are security incidents during runtime, unauthorised access and misconfigurations.

Major vulnerabilities that have not been remediated are also a cause for security incidents, as well as a failed audit.

Concerns the SDMs have in relation to moving on the cloud are hijacking of accounts, ransomware attacks and nation state attacks.

“Attackers are now on board with business’s shift to cloud computing,” says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, adding: “The ripest target of attack in the cloud is identity management, especially machine identities.”

The study also investigated how responsibility for securing cloud-based applications is assigned across internal teams.

It found that enterprise security teams (25%) were the most likely to manage app security in the cloud, followed by operations teams responsible for cloud infrastructure (23%), and then it’s usually a collaborative effort shared between multiple teams (22%).

Other than that, it’s sometimes up to developers writing the cloud applications to secure it (16%), or the DevSecOps team (10%).

Venafi said that it found that sharing the responsibility for securing cloud-based applications can cause lack of visibility between teams. If it is shared between developers and the security teams, for instance,  often one team doesn;t know what the other is doing. Without that knowledge, often security teams cannot properly evaluate how secure applications are.

“Security teams want to collaborate and share responsibility with the developers who are cloud experts, but all too often they’re left out of cloud security decisions,” says Bocek.

“We need to reset the approach to cloud security and create consistent, observable, controllable security services across clouds and applications.”

One major cyber security threat is ransomware. To read all about this threat – and how businesses can tackle it – check out TechInformed’s four-part Ransomware report by CLICKING HERE