Check Point, in collaboration with Cybersecurity Insiders, has released its 2023 Cloud Security Report. The report, based on a survey of over 1,000 cyber security professionals worldwide, provides insights into the current state of cloud security management. The findings shed light on the persistent threat posed by misconfigurations, which remain a significant concern for organizations.
Despite the numerous benefits organizations derive from the cloud, such as scalability and flexibility, effectively securing it continues to be a challenge. The survey reveals that misconfigurations rank as the primary cloud security concern, affecting a concerning 59 percent of respondents. These misconfigurations not only leave organizations vulnerable but also impede their ability to fully leverage the potential of the cloud.
Not surprisingly, businesses are rapidly expanding their cloud estates, with 58 percent planning to store over 50 percent of their workload in the cloud within the next 12 to 18 months. However, the survey highlights a pressing issue: a significant 72 percent of respondents struggle with managing access to multiple security solutions, resulting in confusion and compromising cloud management security. The increasing complexity of understanding and safeguarding the cloud’s threat surface has become a significant concern for IT leaders, leaving vulnerabilities unchecked. Malicious actors are capitalizing on these challenges.
The survey reveals that organizations have implemented various technologies and strategies to manage their complex cloud environments. However, the complexity and lack of visibility and control are leading to confusion. A concerning trend: 26 percent of organizations have 20 or more security policies in place, leading to alert fatigue and hindering response teams’ ability to effectively counter high-risk incidents. Notably, 90 percent of respondents expressed a preference for a single cloud security platform that simplifies management. Furthermore, an overwhelming 71 percent of organizations have more than six security policies in place, with 68% finding the multitude of alerts overwhelming due to the use of multiple tools stressing the need for a comprehensive and collaborative cloud security solution.
Key findings include:
- Biggest challenges: misconfiguration of cloud platforms or improper setup (59 percent) ranks as the most significant security threat, followed by exfiltration of sensitive data (51 percent), insecure interfaces/APIs (51 percent), and unauthorized access (49 percent).
- Cloud security incidents: 24 percent of respondents reported experiencing public cloud-related security incidents, with misconfigurations, account compromises, and exploited vulnerabilities being the most common incident types.
- Cloud configuration and security policy management: while 62 percent of organizations utilize cloud native tools for configuration management, 29 percent rely on dedicated cloud security posture management solutions (CSPM).
