New CSPM Report Highlights The Perceived Security Gap For Cloud Infrastructure

Uploaded on 2021-08-11 in TECHNOLOGY--Resilience, FREE TO VIEW

A security gap describes the difference between the level of security currently in place for your network, systems, or cloud infrastructure and the level of protection you should have for those digital assets. It’s a helpful metric because it allows you to identify areas where you need to focus more and apply additional resources. 

In this article, we will examine a different kind of security gap. This increasingly more important gap describes the difference between the level of security you think you have and the level of protection you actually have. It’s a gap between perception and reality so let’s call this the “perceived security gap.” 

Several key indicators of the significant gap between the perceived and actual levels of cloud security come from the 2021 State of Cloud Security Posture Management Report provided by the expert cloud security specialist OpsCompass. Published in June 2021, this study indicates that confidence in cloud security posture is high among IT professionals, yet most have experienced a cloud-related breach. 

The survey queried 253 full-time, US-based IT professionals who deploy, develop, or manage cloud applications or infrastructure. Additionally, 91 percent of the respondents are working with multi- or hybrid-cloud solutions. “These findings confirm what we’ve observed firsthand — cloud security is a major challenge,” said John Grange, CTO and co-founder of OpsCompass.

Cloud managers face several challenges that can compromise their environments, not the least of which are data leaks and configuration drift. In addition, visibility across their cloud environment and related issues, including misconfigurations, keep them up at night, as does managing identity and security baselines. 

Nearly 70 percent of the respondents said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities. However, at the same time, more than half reported experiencing a breach. Additionally, one-third said they would not be surprised to see that their organization was breached. 

It is clear that many IT professionals are overconfident in their overall security capabilities, and it’s not the rank and file users in their organization they are most worried about. According to the survey, they’re most concerned about configuration errors, malicious insiders, and compromised accounts. They fear a breach will come from malicious software or malicious actors, as opposed to human error.

It is interesting to note that 93 percent of the survey’s respondents stated that their organization has a high level of visibility into their cloud environment. This answer would indicate that they believe their organization can continuously track and monitor all assets, configuration, deployments, and more. However, it is doubtful that they have the visibility and control they think they have, given that over half have experienced a breach. 

This false sense of security (in every sense of the word), or perceived security gap, must be addressed by actual, not perceived, real-time visibility, intelligence, and control.

Enabling operations teams to proactively know what’s in their cloud and what they need to fix is the best way to close the perceived security gap. 

Contributed by OpsCompass

You Might Also Read:

Financial Organisations Are Migrating To The Cloud:

 

« Japan’s New Cyber Security Strategy
Stolen: Over $600 Million In Crypto Currencies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF) is a business and labour market lobbying organization that promotes the competitiveness and business conditions of Finland’s most crucial export industry.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

CyberSure

CyberSure

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Pixm

Pixm

Pixm’s computer vision based approach offers a truly unique and effective means to protect organizations from web-based phishing attacks.

Dynamic Quest

Dynamic Quest

Dynamic Quest is a managed IT, cloud and security services companies, providing a comprehensive range of technology services including cybersecurity, backup and disaster recovery.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

TokenEx

TokenEx

TokenEx Cloud Security Platform protects sensitive data to strengthen our clients' security postures while future-proofing their operations.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.