Cloud security remains a hot topic as the trend towards cloud services continues to grow. This article presents the key findings of three cloud security reports.
Table of contents
What is Cloud Computing?
Cloud computing refers to the provision of computing power, storage space and applications via the Internet. Companies and users access services from cloud providers instead of using their local infrastructures. There are different cloud service models such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), which offer different levels of resources and responsibilities. The National Institute of Standards and Technology’s (NIST) five characteristics for cloud computing include:
- On-Demand Self-Service enables independent access to resources.
- Broad Network Access enables access via different devices.
- Resource Pooling enables sharing the resources.
- Rapid Elasticity enables fast adaptation to resource requirements.
- Measured Service provides transparency and control through monitoring and billing.
Cloud computing offers flexibility, scalability, and cost efficiency. However, security, privacy and compliance aspects should still be considered to adequately protect data and systems. The key findings and challenges in the area of cloud security are highlighted in the reports.
Cloud Security Reports 2023
Cloud security remains a relevant topic in 2023, and three reports on cloud security were conducted in May and June 2023, from which we would like to highlight the key messages. The surveys that were used are from “Cybersecurity Insiders”, an online community for information security professionals with over 500,000 members that provides an on-demand resource for creating a custom survey report on a cybersecurity topic.
The three reports were sponsored by the following organizations:
- Check Point: A leading provider of cybersecurity solutions with a focus on cloud security.
- Trend Micro: A global company specializing in cybersecurity and threat defense.
- ISC2 (International Information System Security Certification Consortium): A renowned non-profit organization dedicated to the promotion of information security and certification of security professionals.
- Check Point: The report is based on a survey of 1052 security professionals conducted in April 2023. The respondents were executives, IT security experts and employees from companies of different sizes and industries.
- Trend Micro: The survey was conducted among 351 security experts in the EU in March 2023.
- (ISC)2: The survey was completed by 823 security professionals in March 2023. Participants were a diverse mix of technical executives and security professionals from organizations of different sizes and industries.
The 5 Insights From the Cloud Security Reports 2023
Summarizing the key findings from the three surveys provides a comprehensive picture of cloud security and the challenges organizations face. Here are the key points:
- Cloud migration: Many organizations are moving their workloads to the cloud, with 39% of respondents having already moved more than half of their workloads. Another 62% plan to make this move in the next 12-18 months. The main drivers for the cloud and its security solutions are improved scalability, accelerated deployment times, and reduced administrative effort.
- Cloud security concerns: Concerns about security in the public cloud remain high (95% of companies moderately to extremely concerned about security in the public cloud).
- Challenges: The complexity of multi-cloud environments (more than 70% of companies use two or more cloud providers) leads to challenges in securing cloud workloads. Other concerns include the lack of skilled personnel to deploy and manage solutions across multiple cloud environments, data privacy and security, and loss of transparency and control.
- Cloud configuration and security policy management: Using configuration management tools specific to the cloud is common, but accessing multiple separate security solutions creates management and security issues. For example, in the surveys, more than 70% of respondents said they need to access three or more separate security solutions to configure the organization’s cloud policies.
- Security risks: Misconfigurations, malware/ransomware, compromised accounts, and infrastructure vulnerabilities are the biggest threats to data leakage in the cloud.
Important to Keep in Mind About These Insights
Overall, our view also reflects the typical challenges taken from the reports on cloud security above. What is relevant for the individual points can be seen below:
- Cloud migration: Secure cloud migration necessitates clear security requirements. Relevant regulations, vulnerabilities, and sensitive data in the company should be identified in advance. Instead of simply transferring these to the cloud, it is important to encrypt at least sensitive data. In addition, strict access controls should be implemented, and activities should be monitored. Employees should be trained in cloud security practices. A well-designed incident response plan is also essential to minimize potential risks and build trust in cloud services. Security should be built into the migration strategy from the outset to be able to confidently benefit of the cloud in a secure way.
- Cloud security concerns: Certifications can play an important role in resolving cloud security concerns. Security certifications serve as a confirmation that a cloud provider complies with certain security standards and has implemented best practices in terms of data protection and security. Well-known certifications are: ISO/IEC 27001, CSA STAR, BSI C5, SOC 2, PCI DSS, HIPAA, EU-DSGVO. It is important to perform comprehensive due diligence before selecting a cloud provider to ensure that own security concerns are adequately addressed.
- Challenges: The challenges mentioned are undoubtedly relevant and can present companies with significant difficulties. To cope with these challenges, companies should conduct a thorough assessment of their requirements and develop a well thought-out (multi) cloud strategy. This may include the use of cloud brokers, the selection of providers with similar standards, the implementation of interoperability and portability, and the automation and integration of security and management solutions. Comprehensive planning and consideration of all relevant factors are critical to fully exploit the benefits of (multi) cloud usage and to overcome potential challenges.
- Security risks: Here we can only add that the security landscape is constantly changing, and it is therefore important that companies and cloud providers continuously keep up to date with new threats and security measures to protect their data in the cloud.
In general, it is important to note that cloud security challenges and insights are influenced by a variety of factors and may not apply equally to all companies or industries. Individual circumstances, the type of cloud services used, and the security measures taken can greatly influence a company’s results and experiences. It is therefore advisable to consider all relevant aspects and develop holistic security strategies that meet the specific requirements and risk profiles of companies.
The results show the growing level of acceptance and use of cloud services, but also the persistent security concerns. Companies need to invest more in training and specialist knowledge to improve cloud security and meet the challenges of multi-cloud environments. Public cloud providers, for their part, should keep investing in security measures to build confidence and promote migration to the cloud.
Do you still have questions about cloud security or are you interested in reviewing your existing configuration? Our Penetration Testing team will be happy to help. We look forward to hearing from you.