According to a recent survey, 80% of cloud security professionals believe that their existing processes, people, and technology can protect them against future data breaches, yet the same survey presents a contrasting view of cloud security readiness.
Paradoxically, the survey, conducted by cloud detection and response company Permiso, found that 50% of the respondents reported a data breach caused by unauthorized access to their cloud environment, while 95% expressed concerns about the ability of their current tools and teams to detect and respond to security incidents in their cloud environment. Although respondents felt prepared for breaches, more than half of them (55%) described themselves as “extremely concerned” or “very concerned” about the potential threat of a data breach. Permiso surveyed 500 security, IT, and engineering professionals for the study.
Not only do concerns exist regarding hypothetical attacks, but there also seems to be a discrepancy in how organizations have dealt with previous security breaches. The survey data showed that most respondents (70%) believe their response time to an attack is between 12 and 24 hours. However, data from real-world production environments and incident responses indicates that the actual response time is over two weeks (16 days), according to Permiso co-founder and co-CEO Paul Nguyen.
“There is a significant disconnect within the survey data we collected and even more significant disparity when you compare that with actual data from cloud environments,” Nguyen said.
A False Sense of Security
Being overly confident in preparedness for breaches can lead to a lack of effective response when breaches do occur, Nguyen said. Many organizations adopt an attitude that their code is developed securely, has gone through a CI/CD pipeline, and has been configured properly before deployment. They often assume that their cloud service provider is responsible for its portion of the shared responsibility model and that detection tools are in place. They may also rely on cloud security posture management tools to address security configurations and critical issues, he noted. However, this mindset can create a false sense of security because it overlooks the possibility of a breach and the need to effectively detect and address threat actors if they gain access.
Furthermore, the shared responsibility model in cloud environments can mislead organizations into believing that they have less risk because the cloud service provider supposedly covers most security aspects, added Jason Martin, co-founder and co-CEO of Permiso.
“The cloud service providers have left some of the most sensitive and complex aspects of operating technology to the customer,” Martin said. “It is very easy for a customer to mismanage and misconfigure something like access management, and the results can be catastrophic.”
Identity Management Challenges in Cloud Environments
As companies increasingly embrace cloud-based practices and rely on cloud-native technologies, the number of identities within organizations is growing every day. According to the Identity Defined Security Alliance, 98% of companies have confirmed an increase in the number of identities, with 52% attributing this rise to the rapid adoption of cloud applications. Managing these identities poses a significant challenge for security professionals, as more than 80% of them handle at least 1,000 identities and 44% manage at least 5,000. The growing number of identities also introduces a variety of different access patterns through which users can access their environments.
“While 25% of the respondents use federation to access their cloud environment, only a little more than half of them have full visibility into the access activity of those federated users,” Nguyen said. In addition, nearly half of the respondents (46.4%) allow console access via local identity and access management users, which presents multiple security risks and violates some enterprise security policies.
The inability to properly control access to their environments raises concerns about unauthorized access. Half of the respondents said they had suffered a data breach resulting from unauthorized access to their environments. This finding aligns with Verizon’s 2022 Data Breach Investigations Report, which showed that compromised credentials were involved in 61% of all breaches.
A Thorough Assessment Is Vital to Cloud Security
The most crucial step towards cloud security is for an organization to thoroughly assess its environment. Relying on assumptions that an organization practices least privilege or complies with enterprise security policies across the board is dangerous, Nguyen said.
Nguyen stressed that organizations should inventory all users across the cloud environment and identity providers, establish a baseline for user behavior, and gain a deeper understanding of the intent of those behaviors. “You will start to get better visibility into runtime activity as it’s happening,” Nguyen said. “This will allow you to more rapidly detect and respond to issues or breaches before the impact to the organization is too severe.”