A new research has revealed that 80% of organizations suffered at least one cloud data breach in the past 18 months, while 43% of companies reported 10 or more cloud data breaches.
Ermetic’s research disclosed that nearly 80% of respondents are unable to identify excessive access to sensitive data in IaaS/PaaS environments, while the top three security concerns associated with cloud production environments include:
- Security misconfiguration (67%)
- Lack of adequate visibility into access settings and activities (64%)
- Identity and access management (IAM) permission errors (61%)
According to the research, most of the cloud data breaches occur due excessive permissions to access cloud data. Cybercriminals could use this opportunity for malicious activities like stealing sensitive data, deploying malware, or disrupting critical business operations. “Excessive permissions may go unnoticed as they are often granted by default when a new resource or service is added to the cloud environment,” the report said.
Shai Morag, CEO of Ermetic, said, “Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments. Two-thirds cited cloud-native capabilities for authorization and permission management, and security configuration as either a high or an essential priority.”
Some other key findings of the report include:
- Top three cloud security priorities are compliance monitoring (78%), authorization and permission management (75%), and security configuration management (73%)
- Top cloud access security priorities are maintaining confidentiality of sensitive data (67%), regulatory compliance (61%) and providing the right level of access (53%)
- Top cloud access security challenges are insufficient personal/expertise (66%), integrating disparate security solutions (52%) and lack of solutions that can meet their needs (39%)
The research findings are based on the responses from 300 senior security decision makers in the U.S. across the banking (12%), insurance (10%), health care (11%), government entities (8%), utilities (9%), manufacturing (10%), retail (9%), media (11%), software (10%), and pharmaceutical (10%) sectors.
