New CSPM Report Highlights The Perceived Security Gap For Cloud Infrastructure

Uploaded on 2021-08-11 in TECHNOLOGY--Resilience, FREE TO VIEW

A security gap describes the difference between the level of security currently in place for your network, systems, or cloud infrastructure and the level of protection you should have for those digital assets. It’s a helpful metric because it allows you to identify areas where you need to focus more and apply additional resources. 

In this article, we will examine a different kind of security gap. This increasingly more important gap describes the difference between the level of security you think you have and the level of protection you actually have. It’s a gap between perception and reality so let’s call this the “perceived security gap.” 

Several key indicators of the significant gap between the perceived and actual levels of cloud security come from the 2021 State of Cloud Security Posture Management Report provided by the expert cloud security specialist OpsCompass. Published in June 2021, this study indicates that confidence in cloud security posture is high among IT professionals, yet most have experienced a cloud-related breach. 

The survey queried 253 full-time, US-based IT professionals who deploy, develop, or manage cloud applications or infrastructure. Additionally, 91 percent of the respondents are working with multi- or hybrid-cloud solutions. “These findings confirm what we’ve observed firsthand — cloud security is a major challenge,” said John Grange, CTO and co-founder of OpsCompass.

Cloud managers face several challenges that can compromise their environments, not the least of which are data leaks and configuration drift. In addition, visibility across their cloud environment and related issues, including misconfigurations, keep them up at night, as does managing identity and security baselines. 

Nearly 70 percent of the respondents said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities. However, at the same time, more than half reported experiencing a breach. Additionally, one-third said they would not be surprised to see that their organization was breached. 

It is clear that many IT professionals are overconfident in their overall security capabilities, and it’s not the rank and file users in their organization they are most worried about. According to the survey, they’re most concerned about configuration errors, malicious insiders, and compromised accounts. They fear a breach will come from malicious software or malicious actors, as opposed to human error.

It is interesting to note that 93 percent of the survey’s respondents stated that their organization has a high level of visibility into their cloud environment. This answer would indicate that they believe their organization can continuously track and monitor all assets, configuration, deployments, and more. However, it is doubtful that they have the visibility and control they think they have, given that over half have experienced a breach. 

This false sense of security (in every sense of the word), or perceived security gap, must be addressed by actual, not perceived, real-time visibility, intelligence, and control.

Enabling operations teams to proactively know what’s in their cloud and what they need to fix is the best way to close the perceived security gap. 

Contributed by OpsCompass

You Might Also Read:

Financial Organisations Are Migrating To The Cloud:

 

« Japan’s New Cyber Security Strategy
Stolen: Over $600 Million In Crypto Currencies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

2|SEC Consulting (2-SEC)

2|SEC Consulting (2-SEC)

At 2|SEC Consulting, we deliver an end-to-end service of cyber and information security solutions which are tailored to each client’s exact security needs.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

Data Security Council of India (DSCI)

Data Security Council of India (DSCI)

DSCI is a premier industry body on cyber security and data protection in India, committed to making the cyberspace safe, secure and trusted.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

Valeo Networks

Valeo Networks

Valeo Networks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Sentryc

Sentryc

Sentryc provides automated monitoring of brands on online marketplaces and social media making online brand protection processes faster, more clearly structured and more efficient.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.