Over a third of organizations have already suffered an attack on their cloud systems, yet many are failing to eradicate potential security blind spots, according to a new poll from Outpost24.
The cyber-assessment vendor interviewed 300 attendees at this year’s Infosecurity Europe show in London in June.
It found that while 37% admitted suffering a cloud attack, over a quarter (27%) said they don’t know how quickly they could tell if their cloud data has been compromised.
This lack of visibility into cloud environments also extends to testing: 11% claimed they never run any kind of testing in the cloud, while nearly a fifth (19%) said they only do so annually.
Given these findings it’s perhaps not surprising that nearly half of respondents (42%) said they believe on-premises data is more secure than that hosted in the cloud.
Despite these misgivings, a third (34%) of businesses said that more than half of their products/apps are running in the cloud, while 15% said all their assets were.
Bob Egner, VP at Outpost24, argued that cloud environments offer major cost and scalability benefits, but security can get more complex when firms start to use multiple clouds across different providers.
“Organizations should treat their cloud assets just as they would their on-premises assets and apply all the same security principles of vulnerability and application security assessment, plus checks for cloud misconfigurations and security posture,” he added.
“It is extremely important to understand the shared responsibility model and what cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure can and cannot offer in terms of security. Ultimately the responsibility of protecting your data and cloud workloads lies with you, the organizations using cloud services.”
Cloud misconfiguration is a particular challenge, with hackers now stepping up efforts to find exposed databases via automated scans. The Cloud Security Alliance recently put this on its “egregious 11” list of top threats to cloud computing.