"Major Threats to Cloud Infrastructure Security Include a Lack of Visibility And Inadequate IAM"
Researchers at Ermetic conducted a new study where they surveyed 200 CISOs and other security decision-makers and found that nearly 60% of the participants consider lack of visibility as well as inadequate identity and access management a significant threat to their cloud infrastructure. The participants also cited access risk and infrastructure security among their top cloud security priorities for the next 18 months. Most (98%) of the companies in the survey experienced a cloud data breach in the past 18 months, compared to 79% last year. More than half of the companies (67%) reported three or more incidents in the past 18 months. Most (83%) of the enterprises stated that at least one of their cloud breaches was related to access. More than half (63%) of respondents said that their organization had sensitive data exposed in the cloud, and this number increased to 85% for companies with annual cloud infrastructure budgets of $50M or more. Many (71%) of the organizations use commercial security tools offered by cloud providers and reported that these tools require a lot of time. Only 20% of organizations said they are very satisfied with their cloud security posture. Most of the companies (92%) stated they tried, are trying, or will try to implement least privilege in the cloud in the next 12 months. Half of large organizations reported they are struggling to implement least privilege.