WHAT CAN
ORGANISATIONS
DO TO PREVENT
CLOUD APPLICATION
ATTACKS?
T
he state of
cloud security is
improving, albeit
slowly, according
to results of the
2019 SANS State
of Cloud Security
survey released by SANS Institute.
The survey found that more respondents’
organisations experienced unauthorised
access to cloud environments or cloud
assets by outsiders: 31% in 2019
compared with just 19% in 2017.
And concern about that access has
remained high, with 56% of 2019
respondents listing it as a concern. The
concern for data breaches by cloud
provider personnel dropped from 53% in
2017 to 44% this year, which may indicate
some growth in trust in the providers.
Other major concerns included inability
to respond to incidents (52%), lack
www.intelligentciso.com
|
Issue 14
those who have (or believe they have)
experienced a breach is roughly the
same as it was in 2017.
of visibility into what data is being
processed and where (51%) and
unauthorised access to data from other
cloud tenants at 50%.
It does not appear that these concerns
have translated into an increase in
breaches. In 2019, 72% of respondents
said they weren’t aware of an actual
breach, compared with 59% in 2017.
While 7% were not sure at all (compared
with 21% in 2017), 11% said they did
experience a breach and a further
11% said they thought they had but
could not prove it. The percentage of
Dave Shackleford, SANS Senior
Instructor and Analyst, said:
“Organisations are continually evolving
in their use of cloud services, looking to
the cloud for procurement, management
and other functions.
“Along with that movement, organisations
are placing more and more sensitive
data in the cloud and facing a variety of
security concerns.”
He added: “Cloud providers are becoming
more open and accommodating of
security data and controls.
And more vendor solutions are
able to bridge the gap between
implementations on-premises and in
the cloud, providing slow but sure
improvement in cloud security.”
27