Intelligent CISO Issue 85 | Page 55

Nearly 20% of security experts admit patching problems in web and cloud, report reveals

Research commissioned by Qualys and conducted by Dark Reading shines a light on the way information security professionals are struggling with the difficulties of safeguarding cloud and SaaS assets, including measuring, communicating and eliminating cyber-risks in the cloud.
According to the recent study data, almost 20% of professionals are experiencing serious challenges when it comes to system maintenance and fortification. Key findings from the research highlight these difficulties:
• Cloud adoption is ubiquitous and complex: Most organisations polled (57%) use two to three cloud service providers, and 58% have at least five corporate-wide SaaS applications deployed. To secure this complex environment, the majority (60%) must manage and reconcile outputs from two or more separate cloud and SaaS security tools – a task they find challenging and suboptimal.
• Sleepless nights: Professional defenders singled out cost (54%), system reliability and performance (36%), and limited cloud-specific security staff skills (27%) as the cloud and SaaS issues that concerned them the most.
• Attacks are relentless: Moving data and applications to the cloud and adopting SaaS come with a whole set of risks. Enterprises are worried about threats such as account hijacking, phishing, ransomware and malware, data exfiltration, advanced persistent threats, and distributed denial-of-service attacks.
• Configuration chaos: One place just about all parties find common ground when assessing cloud and SaaS risk is in the thorny issue of misconfigurations – one of the top concerns for both cloud (24%) and SaaS (33%).
• Situational blindness: Few enterprises engage in ongoing or continuous assessment of their cloud and SaaS environments. The rest do security assessments at intervals that range largely from once a quarter (18% for cloud, 11% for SaaS) to once a year (25% cloud, 26% SaaS), and in some cases not at all.
• Difficulty patching: Enterprises are also concerned about adversaries exploiting unpatched vulnerabilities in web applications (39%) and cloud environments (23%). Almost one in five say they have difficulty applying security updates and patches, creating a situation where organisations are exposed to attack as a result of exploitable vulnerabilities.
• Sluggish response: Topping the list of IR concerns are a lack of skilled workers (49%), limited visibility into cloud and hosted environments (46%), and the inherent complexity of cloud-centric incidents (46%).
“The data shows in stark relief, the real-world challenges defenders face when it comes to shoehorning traditional security practices and methods – things like managing configs and vulnerabilities, controlling access, and corralling siloed security tools – into the defences of dynamic multi-cloud and multi-SaaS environments,” said Shilpa Gite, Senior Manager, Cloud Security Compliance, Qualys.
To boost their security posture, organisations should consider:
• Implementing continuous monitoring and assessment: Continuous assessment helps in promptly detecting vulnerabilities.
• Adopting a unified security platform: A unified platform provides comprehensive visibility, streamlined security operations and consistent policy enforcement.
• Enhancing identity and access management (IAM): Proper IAM practices are essential for securing access to sensitive data and systems.
• Leveraging automation for security processes: Automating security processes improves operational efficiency and reduces the risk of human error.
• Investing in advanced threat detection and response capabilities: This combats sophisticated threats such as advanced persistent threats (APTs), ransomware and next-gen malware.