Security in the Cloud Remains Challenged by Complexity and Shadow IT

IBM

IBM Security released new data examining the top challenges and threats impacting cloud security. The report indicates that the ease and speed with which new cloud tools can be deployed can also make it harder for security teams to control their usage.

According to IBM survey data and case-study analysis, basic security oversight issues, including governance, vulnerabilities, and misconfigurations, remain the top risk factors organizations should address to help secure increasingly cloud-based operations. The case-study analysis of security incidents over the past year also sheds light on how cybercriminals are targeting cloud environments with customized malware, ransomware and more.

With businesses rapidly moving to the cloud to accommodate remote workforce demands, understanding the unique security challenges posed by this transition is essential for managing risk. While the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources can also create complexity for IT and cybersecurity teams.

In order to get a better picture of the new security reality as companies quickly adapt to hybrid, multi-cloud environments, IBM Institute for Business Value (IBV) and IBM X-Force Incident Response and Intelligence Services (IRIS) examined the unique challenges impacting security operations in the cloud, as well as top threats targeting cloud environments. 66% of respondents surveyed say they rely on cloud providers for baseline security; yet perception of security ownership by respondents varied greatly across specific cloud platforms and applications.

The most common path for cybercriminals to compromise cloud environments was via cloud-based applications, representing 45% of incidents in IBM X-Force IRIS cloud-related case studies. In these cases, cybercriminals took advantage of configuration errors as well as vulnerabilities within the applications, which often remained undetected due to employees standing up new cloud apps on their own, outside of approved channels. While data theft was the top impact of the cloud attacks studied, hackers also targeted the cloud for cryptomining and ransomware, using cloud resources to amplify the effect of these attacks.

The responding organizations relied heavily on cloud providers to own security in the cloud, despite the fact that configuration issues were most often to blame for data breaches (more than 85% of all breached records in 2019). Additionally, perceptions of security ownership in the cloud varied widely among surveyed organizations across platforms and applications. For example, the majority of respondents (73%) believed public cloud providers were the main party responsible for securing software-as-a-service (SaaS), while only 42% believed providers were primarily responsible for securing cloud infrastructure-as-a-service (IaaS).

While this type of shared responsibility model is necessary for the hybrid, multi-cloud era, it can also lead to variable security policies and a lack of visibility across cloud environments. Organizations that are able to streamline cloud and security operations can help reduce this risk, through clearly defined policies which apply across their entire IT environment.

The survey found that organizations that ranked high in maturity in both cloud and security evolution were able to identify and contain data breaches faster than those still in the early phases of their cloud adoption journey. In terms of data breach response time, the most mature organizations surveyed were able to identify and contain data breaches twice as fast as the least mature organizations (average threat lifecycle of 125 days vs. 250 days).