Companies’ cloud security getting better – but slowly, argues SANS Institute

Cloud security best practices are improving – but there is still a long way to go, according to a new report from SANS Institute.

The study, which polled several hundred respondents across the IT spectrum, came about, as author Dave Shackleford put it, as the result of concerning news stories around the security space. IDC found back in April that worldwide IT security spending would hit $103.1 billion by the end of this year – but stories continue to persist, particularly around open Amazon S3 buckets. Misinformation around shared responsibility, as this publication has regularly perused, continues to persist.

The survey respondents were most likely to have two or three public cloud providers on spec, with almost half using cloud network access services (43%) and more than a third (35%) using cloud access security brokers (CASBs). Approximately half of those polled said they have BI data (48.2%) and intellectual property data (47.7%).

The study explored organisations' biggest cloud security concerns and then correlated them with incidents that had actually occured. For instance, while 42% of respondents expressed worry about a lack of training within the organisation on public cloud services, 28% said this was a genuine issue over the past 12 months.

Number one on the worry list, cited by 55.6% of those polled, was unauthorised access to cloud services by outsiders. It was also the biggest concern in the 2017 survey. Yet 19% of respondents said it was something their organisation had to deal with. This is still a major number, of course, and the report noted how much of a concern it was, saying there was a 'significant increase.'

Looking at the technologies deployed to combat the criminals, VPNs were the most popular, used by almost 90% of respondents with three quarters of that managed internally. Anti-malware, log and event management, multi-factor authentication and vulnerability scanning were deployed by approximately four in five of those polled.

"The state of cloud security seems to be improving, albeit slowly. Cloud providers are becoming more open and accommodating of security data and controls, and more vendor solutions are able to bridge the gap between implementations on-premises and in the cloud.

"There's progress, and more acceptance of in-cloud controls and services – but that progress is still slow." in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.