Four out of every five companies have experienced at least one cloud data breach in the past year and a half. Of these companies, about half have experienced ten or more breaches, according to a study by cloud security company Ermetic.
Based on a survey under 300 CISO’s, the report states that 80 percent of companies are unable to identify excessive access to sensitive data in IaaS and PaaS environments. This poses a threat to the security of these companies.
Respondents said their top three priorities are monitoring compliance, managing authorisations and permissions, and managing security configurations.
The main reason why CISOs are struggling with access control, the report explains, is the way the public cloud infrastructure is deployed.
Since the public cloud is a dynamic, on-demand environment, users and applications often collect unnecessary permissions. Applications are also sometimes authorised by default when they are introduced, making them an important target for attackers.
To address these types of issues, the report proposes that companies focus on three key elements of cloud security: security configuration, sufficient insight into access settings and activities, and authorisation for identity and access management.