Nearly 100% of organizations experienced a cloud data breach within the last 18 months, according to the cloud infrastructure security firm Ermetic.
The cloud data breach report also found that cloud security incidents increased by almost 20% within the past year.
The survey, which polled 200 CISOs and other key IT security decision-makers, also found that the lack of visibility and identity management was a major security threat for most organizations.
Almost all organizations experienced at least one data breach in past 18 months
The IDC cloud security survey key findings reveal that 98% of all companies experienced a cloud data breach within the past 18 months, a 19% increase from 79% just a year ago. During the same period, 67% reported three data breaches.
The research study also found that nearly two-thirds (63%) of the respondents said their organizations exposed sensitive data in the cloud. This number was more than eight out of ten (85%) for organizations with annual cloud budgets of $50M or above.
Most organizations (83%) attributed at least one data breach to cloud access permissions
Most organizations struggled to balance cloud access without affecting daily operations. Over half (53%) of organizations struggled to ensure that employees had the right access to execute their jobs effectively while ensuring data confidentiality.
Other survey highlights include 58 and 57% of the organizations struggling to provide access while protecting data from external and internal threats, respectively.
Least privilege is still preferred by most organizations
Most organizations (92%) polled said they tried, are trying, or will try to implement least privilege in the cloud in the next 12 months.
However, half (50%) of companies surveyed said they faced various challenges implementing least privilege access restrictions.
Nearly a third (29%) said it was too difficult and time-consuming, while a similar number cited lack of personnel/expertise (29%) or multi-clouds (29%).
Managing cloud security was too difficult and time-consuming
More than three-quarters (70%) of organizations spent more than 25 hours per week managing Identity and Access Management (IAM) in cloud platforms.
Similarly, while 71% of the organizations relied on commercial cloud security solutions provided by cloud platforms, they reported that the tools required a lot of time to configure.
The growth of cloud footprint exacerbated the problem, 60% of organizations suffering from the lack of visibility. Overworked employees and the lack of visibility is a perfect recipe for a data breach.
Organizations are dissatisfied with their cloud security posture
Nearly half (43%) of all organizations said they were dissatisfied with their cloud security posture. Nearly two-thirds (64%) cited the difficulties in uniformly managing access across multiple clouds, lack of visibility (63%), the difficulty of integrating disparate security solutions (63%), lack of personnel or expertise (59%), and difficulties of implementing a shared security model between their organizations and their cloud vendors (58%).
Only a fifth (20%) of organizations polled felt very satisfied with their cloud security posture. The reliance on public cloud providers’ commercial cloud security solutions and the low satisfaction rate indicated that the shared model for cloud security was ineffective, according to the researchers.
“Even though most of the companies surveyed are already using IAM, data loss prevention, data classification, and privileged account management products, more than half claimed these were not adequate for protecting cloud environments,” said Shai Morag, CEO of Ermetic.“Two-thirds cited cloud-native capabilities for authorization and permission management, and security configuration as either a high or an essential priority.”