Virtually all security professionals believe that human error could put the security of cloud data at risk, according to new research published today.
A survey commissioned by Tripwire and carried out last month by Dimensional Research found that 93% of security professionals were concerned that human error could result in the accidental exposure of their cloud data.
Despite their concern over human error, 22% of those surveyed said that they assess their cloud security posture manually.
The survey evaluated the opinions of 310 security professionals on the implementation of cloud security best practices.
According to the research, a number of organizations experience difficulties in monitoring and securing their cloud environments. A majority of security professionals (76%) state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment.
Other findings were that security professionals tend not to keep tabs on their real-time cloud security situation. Only 21% of organizations were found to assess their overall cloud security posture in real time or near real time.
While 21% said they conduct weekly cloud security evaluations, 58% said they wait until a month or more has gone by.
Maintaining security was a challenge for most organizations, with only 22% saying that they are able to maintain continuous cloud security compliance over time.
“Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“Fortunately, there are well-established frameworks, such as CIS benchmarks, which provide prioritized recommendations for securing the cloud. However, the ongoing work of maintaining proper security controls often goes undone or puts too much strain on resources, leading to human error.”
The amount of automation employed varied across cloud security best practices. While 51% use automated alerts with context for suspicious behaviour, only 45% automatically assess new cloud assets as they are added to the environment.