Security professionals showed concern over a human error that could potentially worsen cloud capabilities and accidentally expose cloud data to the public.
About 93 percent of security experts believe that human error is responsible for exposing sensitive data, making it critical for organizations to their digital assets. Human error is considered as a top threat by these professionals, who are working to secure all sensitive data.
With fewer organizations and companies checking the cloud security in real-time, the threat is definitely higher. According to research commissioned by Tripwire, only 21 percent of organizations assess their overall cloud security posture in real-time or near real-time.
About 21 percent disclosed the ability to conduct weekly evaluations, and 58 percent only perform monthly checking. Despite the shift to automated cloud systems and heightened risk of human error, 22 percent still assess cloud security posture manually.
The survey evaluated the opinions of 310 security professionals on the best practices of implementing cloud security. Maintaining the cloud security is considered a challenge for most companies. Only 22 percent claimed they are able to maintain security compliance over time.
“Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place,” said Tripwire VP of product management Tim Erlin.
Lack of Resources
One of the biggest challenges experienced by organizations in maintaining the security of the cloud is the lack of resources leading to human error. As mentioned, not all companies transitioned to automated controls and frameworks, and manually assessing the security posture is rather cheaper.
Well-established frameworks like the CIS benchmarks provide recommendations to secure the cloud. However, not all companies have access to these tools and systems.
About 91 percent of the participants claimed they’ve implemented some level of automated enforcement on the cloud, while 92 percent still wish to increase their level of automated enforcement.
CIS and NIST being the famous frameworks to secure cloud environments, organizations aren’t that keen to integrate these to their storage systems.
In numbers, there's 51 percent who claimed to have proper encryption settings for storage buckets. Additionally, 45 percent of the participants automatically assess the new cloud assets added to the cloud environments.
About 51 percent have automated alerts in place in relation to suspicious behavior in the cloud storage.
