New CSPM Report Highlights The Perceived Security Gap For Cloud Infrastructure

A security gap describes the difference between the level of security currently in place for your network, systems, or cloud infrastructure and the level of protection you should have for those digital assets. It’s a helpful metric because it allows you to identify areas where you need to focus more and apply additional resources. 

In this article, we will examine a different kind of security gap. This increasingly important gap describes the difference between the level of security you think you have and the level of protection you actually have. It’s a gap between perception and reality, so let’s call this the “perceived security gap.”

Several key indicators of the significant gap between the perceived and actual levels of cloud security come from the 2021 State of Cloud Security Posture Management Report provided by the expert cloud security specialist OpsCompass. Published in June 2021, this study indicates that confidence in cloud security posture is high among IT professionals, yet most have experienced a cloud-related breach. 

The survey queried 253 full-time, US-based IT professionals who deploy, develop, or manage cloud applications or infrastructure. Additionally, 91 percent of the respondents are working with multi- or hybrid-cloud solutions. “These findings confirm what we’ve observed firsthand — cloud security is a major challenge,” said John Grange, CTO and co-founder of OpsCompass.

Cloud managers face several challenges that can compromise their environments, not the least of which are data leaks and configuration drift. In addition, visibility across their cloud environment and related issues, including misconfigurations, keep them up at night, as does managing identity and security baselines. 

Nearly 70 percent of the respondents said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities. However, at the same time, more than half reported experiencing a breach. Additionally, one-third said they would not be surprised to see that their organization was breached. 

It is clear that many IT professionals are overconfident in their overall security capabilities, and it’s not the rank-and-file users in their organization they are most worried about. According to the survey, they’re most concerned about configuration errors, malicious insiders, and compromised accounts. They fear a breach will come from malicious software or malicious actors, as opposed to human error.

It is interesting to note that 93 percent of the survey’s respondents stated that their organization has a high level of visibility into their cloud environment. This answer would indicate that they believe their organization can continuously track and monitor all assets, configuration, deployments, and more. However, it is doubtful that they have the visibility and control they think they have, given that over half have experienced a breach. 

This false sense of security (in every sense of the word), or perceived security gap, must be addressed by actual, not perceived, real-time visibility, intelligence, and control.

Enabling operations teams to proactively know what’s in their cloud and what they need to fix is the best way to close the perceived security gap. 

Contributed by OpsCompass
