According to a study conducted by IDC and commissioned by Ermetic, almost all surveyed companies (98%) have experienced at least one data breach in the last 18 months. For comparison, last year, this number was 76%.
The lack of visibility and adequate identity and network access management are top threats to cloud infrastructures, according to the study that included 200 Chief information security officers (CISOs) and other security top brass.
Ermetic, a cloud infrastructure security company with offices in Tel Aviv, Palo Alto, and Boston, announced the results of a research study on Wednesday. The 2021 State of Security report published on the company’s site reveals that the organizations relying on the cloud are in a troubling state today and changes to security policies are sharply needed.
According to the surveyed senior officials, cloud infrastructure security and access risk management are their top security priorities for the next 18 months, with 85% of them planning on increasing their security spending in 2019.
“Even though nearly 70% of companies invest more than 25 hours a week on cloud identity management, the survey found that 83% had at least one access-related cloud data breach,” said Shai Morag, CEO of Ermetic. “In fact, almost 60% of organizations said they consider lack of visibility and inadequate IAM security a major threat to their cloud infrastructure.”
A successful cloud infrastructure security strategy should focus on identifying and protecting the rights and permissions of the users. But Ermetic says many companies are turning to commercial or free cloud security tools for their security needs. These tools lack the granular visibility and analytic capability that they need.
“As a result, they are unable to capture and unravel the privileges attached to human and machine identities and lack the automation needed to remediate problems at scale and implement least privilege,” Ermetic experts write.
The study conducted by IDC surveyed 200 senior information technology security decision-makers in the US from banks & insurance, healthcare, pharmaceutical, retail, software development, and other industries. The surveyed organizations have from 1,500 to more than 20,000 employees.
The report’s other key findings include:
- 67% of surveyed reported three or more incidents in the last 18 months;
- 63% reported a cloud data breach that resulted in the exposure of sensitive data, that number was 85% for companies with cloud infrastructure budgets of $50M/year or more;
- 83% said at least one of their cloud breaches was related to access
- Almost 70% of companies spend more than 25 hours per week managing IAM in cloud infrastructure
- 71% use commercial security tools from their cloud providers
- 92% tried, are trying, or will try to implement the least privilege in the cloud in the next 12 months
- 50% were struggling to implement the least privilege; the greatest obstacles being too it is difficult and time-consuming (29%), the lack of personnel/expertise (29%), or multi-clouds (29%)
- Only 20% were very satisfied with their cloud security posture.
A full report and an infographic of the survey findings are available on Ermetic’s website.