New CSPM Report Highlights The Perceived Security Gap For Cloud Infrastructure

A security gap describes the difference between the level of security currently in place for your network, systems, or cloud infrastructure and the level of protection you should have for those digital assets. It’s a helpful metric because it allows you to identify areas where you need to focus more and apply additional resources. 

In this article, we will examine a different kind of security gap. This increasingly important gap describes the difference between the level of security you think you have and the level of protection you actually have. It’s a gap between perception and reality, so let’s call this the “perceived security gap.”

Several key indicators of the significant gap between the perceived and actual levels of cloud security come from the 2021 State of Cloud Security Posture Management Report provided by the expert cloud security specialist OpsCompass. Published in June 2021, this study indicates that confidence in cloud security posture is high among IT professionals, yet most have experienced a cloud-related breach. 

The survey queried 253 full-time, US-based IT professionals who deploy, develop, or manage cloud applications or infrastructure. Additionally, 91 percent of the respondents are working with multi- or hybrid-cloud solutions. “These findings confirm what we’ve observed firsthand — cloud security is a major challenge,” said John Grange, CTO and co-founder of OpsCompass.

Cloud managers face several challenges that can compromise their environments, not the least of which are data leaks and configuration drift. In addition, visibility across their cloud environment and related issues, including misconfigurations, keep them up at night, as does managing identity and security baselines. 

Nearly 70 percent of the respondents said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities. However, at the same time, more than half reported experiencing a breach. Additionally, one-third said they would not be surprised to see that their organization was breached. 

It is clear that many IT professionals are overconfident in their overall security capabilities, and it’s not the rank-and-file users in their organization they are most worried about. According to the survey, they’re most concerned about configuration errors, malicious insiders, and compromised accounts. They fear a breach will come from malicious software or malicious actors, as opposed to human error.

It is interesting to note that 93 percent of the survey’s respondents stated that their organization has a high level of visibility into their cloud environment. This answer would indicate that they believe their organization can continuously track and monitor all assets, configuration, deployments, and more. However, it is doubtful that they have the visibility and control they think they have, given that over half have experienced a breach. 

This false sense of security (in every sense of the word), or perceived security gap, must be addressed by actual, not perceived, real-time visibility, intelligence, and control.

Enabling operations teams to proactively know what’s in their cloud and what they need to fix is the best way to close the perceived security gap. 

Contributed by OpsCompass
