New CSPM Report Highlights The Perceived Security Gap For Cloud Infrastructure

Uploaded on 2021-08-11 in TECHNOLOGY--Resilience, FREE TO VIEW

A security gap describes the difference between the level of security currently in place for your network, systems, or cloud infrastructure and the level of protection you should have for those digital assets. It’s a helpful metric because it allows you to identify areas where you need to focus more and apply additional resources. 

In this article, we will examine a different kind of security gap. This increasingly more important gap describes the difference between the level of security you think you have and the level of protection you actually have. It’s a gap between perception and reality so let’s call this the “perceived security gap.” 

Several key indicators of the significant gap between the perceived and actual levels of cloud security come from the 2021 State of Cloud Security Posture Management Report provided by the expert cloud security specialist OpsCompass. Published in June 2021, this study indicates that confidence in cloud security posture is high among IT professionals, yet most have experienced a cloud-related breach. 

The survey queried 253 full-time, US-based IT professionals who deploy, develop, or manage cloud applications or infrastructure. Additionally, 91 percent of the respondents are working with multi- or hybrid-cloud solutions. “These findings confirm what we’ve observed firsthand — cloud security is a major challenge,” said John Grange, CTO and co-founder of OpsCompass.

Cloud managers face several challenges that can compromise their environments, not the least of which are data leaks and configuration drift. In addition, visibility across their cloud environment and related issues, including misconfigurations, keep them up at night, as does managing identity and security baselines. 

Nearly 70 percent of the respondents said they have a high degree of confidence in their cloud security, visibility, and compliance capabilities. However, at the same time, more than half reported experiencing a breach. Additionally, one-third said they would not be surprised to see that their organization was breached. 

It is clear that many IT professionals are overconfident in their overall security capabilities, and it’s not the rank and file users in their organization they are most worried about. According to the survey, they’re most concerned about configuration errors, malicious insiders, and compromised accounts. They fear a breach will come from malicious software or malicious actors, as opposed to human error.

It is interesting to note that 93 percent of the survey’s respondents stated that their organization has a high level of visibility into their cloud environment. This answer would indicate that they believe their organization can continuously track and monitor all assets, configuration, deployments, and more. However, it is doubtful that they have the visibility and control they think they have, given that over half have experienced a breach. 

This false sense of security (in every sense of the word), or perceived security gap, must be addressed by actual, not perceived, real-time visibility, intelligence, and control.

Enabling operations teams to proactively know what’s in their cloud and what they need to fix is the best way to close the perceived security gap. 

Contributed by OpsCompass

You Might Also Read:

Financial Organisations Are Migrating To The Cloud:

 

« Japan’s New Cyber Security Strategy
Stolen: Over $600 Million In Crypto Currencies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Chatham House

Chatham House

Chatham House is an independent policy institute based in London. Topics cover foreign affairs and defence including cyber security.

Hodgson Russ

Hodgson Russ

Hodgson Russ is a US business law firm. Practice areas include Privacy, Data Breach & Cybersecurity.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

Cyberia Group

Cyberia Group

Cyberia is a leading Internet and Security services provider with operations in Saudi Arabia, Lebanon and Jordan.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.