Four in every five companies have experienced at least one cloud data breach in the past year and a half - and almost half have suffered 10 breaches or more - according to a new survey from cloud security firm Ermetic
Based on a poll of 300 CISOs, the report states that 80% of businesses are unable to identify excessive access to sensitive data in IaaS and PaaS environments, which is posing a threat to security.
In light of cloud security issues, respondents said their top three priorities are: monitoring compliance, managing authorisation and permissions, and managing security configurations.
The primary reason CISOs struggle with access management, the report explains, is the nature of public cloud infrastructure deployment itself.
As public cloud is a dynamic, on-demand environment, users and applications often accumulate unnecessary permissions. Applications are also sometimes authorised by default when introduced, making them a prime target for attackers.
To address issues such as these, the report suggests businesses hone in on three key elements to cloud security: security configuration, adequate visibility into access settings and activity, and identity and access management permission.