The gap between cloud operations and security operations is growing
- Published: Wednesday, 02 May 2018 08:04
Ixia has released its 2018 Security Report, highlighting the company’s biggest security findings over the past year from its Application and Threat Intelligence (ATI) Research Center. The report analyzes the growing exposure to cybersecurity risks as enterprises operate more of their workloads in the cloud.
The second annual Ixia 2018 Security Report analyzes how enterprise network attack surfaces are increasing as the perimeter of the traditional network expands into the cloud. Ixia survey data in the report shows that over 90 percent of enterprises are concerned about data and application security in public clouds, while nearly 60 percent of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic.
87 percent of enterprises had also suffered downtime of an hour or more during their last network outage. Also, 88 percent had experienced a business-related issue from a lack of visibility into public cloud traffic.
Key findings from the 2018 Security Report include:
- The gap between cloud operations and security operations is growing: nearly 73 percent of public cloud instances had one or more serious security misconfigurations. The combination of cloud growth and a high number of security misconfigurations suggests there will be more breaches in 2018 where cloud is a factor.
- Cloud security and compliance are top priorities in 2018: the top priorities for enterprises in public cloud environments over the next 12 months are: securing data and applications (cited by 43 percent of enterprises) and satisfying compliance requirements (35 percent).
- As cyberattacks evolve, more focus should be on visibility and detection: as enterprises continue to struggle with preventing breaches, a mind-shift is required to detect breaches once they occur, especially when an average of 191 days passes between intrusion and detection according to a recent Ponemon study.
- Cyber crime is good business (for cyber criminals): Where 2017 was the year of ransomware, 2018 is set to be the year of crypto-jacking. Over 500 million PCs are being used for crypto-mining without the owners’ knowledge. Mining crypto-currencies provides hackers with a high-profit return that is far stealthier than a ransom attack.
- Encryption is making business more secure for customers (and hackers too): in 2017, over half of all web traffic was encrypted. Hackers are exploiting this trend, hiding malicious traffic in encrypted streams, which makes detection via traditional means impossible. The advent of TLS 1.3 using ephemeral key encryption requires changes in the approach to encryption.
The full report is available from: https://www.ixiacom.com/resources/2018-security-report