Businesses are struggling to monitor and secure cloud environments, risking financial penalty and damage to customer loyalty.
Based on a poll of 310 security pros, a new report from Tripwire claims that three quarters of businesses struggle to maintain their security configurations in the cloud.
Some claim their cloud risk management capabilities are sub-standard, compared to other parts of the IT environment, while virtually all (93 percent) are afraid of an employee accidentally exposing sensitive data.
One of the ways criminals find their way into sensitive corporate data is by regularly running automated searches in the cloud. However, just a fifth (21 percent) of businesses assess their overall cloud security posture in real time, with another fifth performing checks it on a weekly basis.
Almost a quarter (22 per cent), meanwhile, conceded to assessing their cloud security posture manually.
“Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place,” said Tim Erlin, Vice president of Product Management and Strategy at Tripwire.
“Fortunately, there are well-established frameworks, such as CIS benchmarks, which provide prioritized recommendations for securing the cloud. However, the ongoing work of maintaining proper security controls often goes undone or puts too much strain on resources, leading to human error.”
The report states that most organizations use either CIS or NIST frameworks to secure their cloud environments. While most use some form of automated enforcement in the cloud, almost all respondents (92 percent) want to increase levels of automation.