Many companies are experiencing quite some difficulties in securing and configuring cloud-based services. This is the conclusion of a survey by security company Tripwire among 150 security professionals.

The survey was conducted at the annual Black Hat conference in Las Vegas. The study shows that 84 percent of respondents consider security configurations to be “difficult to maintain”. One-fifth of those 84 percent even think it’s “very difficult”. 75 percent also think that it is relatively easy to accidentally expose data in the cloud to external threats.

Just over half (54 percent) of respondents use configuration management for cloud security. Just under half, 49 percent, use file integrity monitoring processes. Cloud security is therefore a substantial part of the work of many IT employees. However, this is not the case for approximately the same number of respondents.

About three quarters say that more than 10 percent of their company’s workloads run in the cloud. In fact, 49 percent said that more than half of them were in the cloud, and 13 percent said that more than three quarters of the workloads were in the cloud.

Shared responsibility

Even though cloud security is important to the interviewees, there is still some confusion. The shared responsibility model, which is often the case with cloud services, states that both users and providers are responsible for security. However, this is not clear to everyone, according to the study. Only 27 percent of respondents think it is “very clear” what shared responsibility means.

“While cloud providers take responsibility for the security of their infrastructure, the move to the cloud does not take away the responsibility to protect your own data. The cloud doesn’t magically protect the data and systems you put in,” said Tim Erlin, vice president of product management & strategy at Tripwire. So companies need to take a more active look at what is needed for cloud security in their own situation.

The report also stated that organizations would do well to keep an eye on the attack surface of their cloud-based services. This attack surface must be as small as possible by precise configuration. At the same time, companies need to keep a constant eye on whether there are any changes in this attack surface.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.