Most security pros still concerned about public cloud security

Despite accelerated adoption of public cloud services by companies keen to benefit from increased efficiency, scalability and agility, most security professionals have reservations

An overwhelming majority of cyber security professionals (93%) say they are moderately to highly concerned about public cloud security, a survey reveals.

Only 3% of respondents said they were not concerned, while 4% said they were slightly concerned. While 18% said they were moderately concerned, roughly the same proportion said they were “very concerned” (37%) or “extremely concerned” (38%), according to a poll by Synopsys of 400,000 members of the Cybersecurity Insiders information security community.

Although cloud providers offer increasingly robust security measures, the survey report notes that customers are ultimately responsible for securing their workloads in the cloud.

Only about a third (37%) are very confident or extremely confident in their organisation’s cloud security posture, with the top cloud security concern being data loss and leakage (64%), followed by data privacy (62%), compliance (39%), accidental exposure of credentials (39%), data sovereignty (35%) and incident response (29%).

As workloads continue to move to the cloud, cyber security professionals are realising the complications of protecting these workloads, the report said.

The top two security headaches security operations teams are struggling with are compliance (34%) and lack of visibility into infrastructure security (33%), the survey shows.

Other challenges include setting consistent security policies across cloud and on-premise environments (31%), the continuing lack of qualified security staff (31%), lack of integration with on-premise security technologies (29%) and security’s inability to keep pace with changes to new and existing applications (29%).

Security professionals say access controls (52%) are the primary method they use to protect data in the cloud, followed by encryption or tokenisation (48%), the use of security services from the cloud provider (45%), deployment of cloud security monitoring tools (36%), and connecting to the cloud via protected networks (36%).

Asked about compliance challenges, the top concern among respondents is monitoring cloud services for vulnerabilities (43%), followed by going through audits and risk assessments (40%), monitoring for compliance (39%), staying up to date on compliance requirements (35%), data quality and integrity in regulatory reporting (34%), scaling and automating compliance activities (26%) and applying the shared responsibility model (24%).

According to the survey report, the biggest barriers to cloud adoption are data security (29%) and general security risks (28%), combined with lack of budget (26%), compliance challenges (26%), and lack of qualified staff (26%).

The main tactic organisations use to ensure security needs are met is training and certifying IT staff (51%), while 45% said they rely on their cloud provider’s native security tools, and 30% partner with a managed security services provider to fill any gaps in capabilities.

Asked about cloud security priorities, most organisations are focusing on malware defence (25%), followed by reaching regulatory compliance (20%) and securing major cloud apps (15%).

More organisations are adopting DevOps for faster software development and delivery while improving application quality and security, the survey found.

A DevOps toolchain is the integration of a set of software development tools used to support development, operations and delivery tasks, the report said. Asked whether they integrate their DevOps toolchain into their cloud deployments, 57% of respondents said “yes”.

When it comes to prioritising security training topics, most respondents selected cloud-enabled cyber security (49%), followed by application security (41%) and incident response (34%).

Overall, the report said findings of the survey emphasise that to protect their evolving IT environments, security teams must reassess their security posture and strategies and address the shortcomings of legacy security tools and approaches.