"36% of Organizations Suffered a Serious Cloud Security Data Leak or a Breach in The Past Year"
Researchers at Fugue and Sonatype surveyed 300 cloud pros, including cloud engineers, security engineers, DevOps, and architects. The researchers found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months and that eight out of ten organizations are worried that they’re vulnerable to a significant data breach related to cloud misconfiguration. More than half (64%) of respondents stated the problem would worsen or remain unchanged over the next year. The researchers noted that cloud misconfiguration mistakes are a significant insider threat. During the study, the researchers found that the primary causes of cloud misconfiguration are too many APIs and interfaces to govern (32%), a lack of controls and oversight (31%), a lack of policy awareness (27%), and negligence (23%). Almost a quarter of respondents (21%) said they are not checking Infrastructure as Code (IaC) before deployment, and 20% aren’t adequately monitoring their cloud environment for misconfiguration. The researchers also found that traditional security challenges play a significant role in cloud security, such as alert fatigue (cited by 21%) and false positives (27%), and human error (38%). The demand for cloud security expertise continues to outpace supply, and 36% of respondents cited challenges in hiring and retaining the cloud security experts, and 35% cited challenges sufficiently training their cloud teams on security.