Security operations teams may not be fully prepared to handle risk associated with business technology systems transitioned to and maintained in the cloud, a new study found.
The study, conducted by CRA Business Intelligence, the research and content wing of CyberRisk Alliance (CRA), and sponsored by Bishop Fox and Invicti, also revealed that while some organizations educate themselves to adopt a cloud-first model, others merely shift their applications to the cloud without customization. That practice alone can lead to accelerated risk, the study concluded. (Full disclosure: CRA is the parent of MSSP Alert).
Here are four of the report’s key findings:
“With 54% of respondents not experiencing a cloud-based attack or breach, lift and shift (33%) and cloud native (29%) strategies continue to dominate,” said Matt Alderman, EVP, Foresight at CyberRisk Alliance. “Our research shows a wide range of security solutions are being used to secure cloud environments, and over 90% of those surveyed indicated they are likely to invest more in cloud security over the next two years. However, selecting the right security solutions for cloud infrastructure creates a need for more education. Only software composition analysis (SCA) and application programming interface (API) security solutions are keeping up with customer expectations.”
Amid that backdrop, roughly 40% of MSSPs now offer cloud security posture management (CSPM) and related services to help customers properly configure and lock down their cloud workloads, MSSP Alert research found.
The data and insights in this report are based on a survey conducted in April 2022 of 300+ IT and cybersecurity decision-makers and influencers in the United States. The research also includes best practices to help organizations better secure their cloud-based resources.
