Story image

AlienVault survey finds cloud & IoT security is ‘complex and chaotic’

03 Apr 2017

An AlienVault survey of 974 RSA attendees found that although 39% are using more than 10 different cloud services, their security monitoring is nothing short of ‘complex and chaotic’.

21% didn’t know how many cloud applications they use, 42% were concerned about lack of visibility and yet 47% would rather monitor a cloud environment than one that was on-premise.

Alienvault says that one third of attendees described their security as ‘complex and chaotic’, which indicate that there’s a major disconnect between organisations’ actions and beliefs about cloud security and IoT.

“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way. If data is misused, or inadequately protected, the consequences can be severe,” comments Javvad Malik, security advocate at AlienVault.

The survey found that 62% worry about IoT devices and 45% believe IoT benefits outweigh the risks.

43% of those who did use IoT stated that they didn’t monitor network traffic at all. 20% weren’t sure.

 “According to the survey findings, many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring – leaving their company at greater risk of attack.”

Many respondents didn't know what decisions are being made about monitoring cloud security threats. 40% said their team was not always consulted before a cloud platform is deployed. This means there was no guidance, advice or due diligence.

“Most organisations are drowning in ineffective preventative measures and draining resources with investments in expensive, disjointed solutions. This unfortunate combination is likely a tremendous factor in producing the chaos, complexity and confusion experienced by so many companies,” Malik says.

47% were concerned that malware is the highest concern for cloud security.  42% of respondents said there’s a lack of visibility in their cloud systems. 21% were worried that their cloud services are producing too many logs.

AlienVault says this last point highlights problems with cloud audits after an incident has taken place.

“It’s time for organisations to focus on what they do have control over – threat detection and incident response – and implement a unified solution that can monitor on-premises, cloud and hybrid environments. Simplifying security in this way enables companies to immediately identify and respond to threats, and in today’s cybersecurity landscape, this is the best strategy to mitigate risk,” Malik concludes.

AlienVault provides Unified Security Management and crowdsourced threat intelligence. 

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.