An AlienVault survey of 974 RSA attendees found that although 39% are using more than 10 different cloud services, their security monitoring is nothing short of ‘complex and chaotic’.
21% didn’t know how many cloud applications they use, 42% were concerned about lack of visibility and yet 47% would rather monitor a cloud environment than one that was on-premise.
Alienvault says that one third of attendees described their security as ‘complex and chaotic’, which indicate that there’s a major disconnect between organisations’ actions and beliefs about cloud security and IoT.
“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way. If data is misused, or inadequately protected, the consequences can be severe,” comments Javvad Malik, security advocate at AlienVault.
The survey found that 62% worry about IoT devices and 45% believe IoT benefits outweigh the risks.
43% of those who did use IoT stated that they didn’t monitor network traffic at all. 20% weren’t sure.
“According to the survey findings, many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring – leaving their company at greater risk of attack.”
Many respondents didn't know what decisions are being made about monitoring cloud security threats. 40% said their team was not always consulted before a cloud platform is deployed. This means there was no guidance, advice or due diligence.
“Most organisations are drowning in ineffective preventative measures and draining resources with investments in expensive, disjointed solutions. This unfortunate combination is likely a tremendous factor in producing the chaos, complexity and confusion experienced by so many companies,” Malik says.
47% were concerned that malware is the highest concern for cloud security. 42% of respondents said there’s a lack of visibility in their cloud systems. 21% were worried that their cloud services are producing too many logs.
AlienVault says this last point highlights problems with cloud audits after an incident has taken place.
“It’s time for organisations to focus on what they do have control over – threat detection and incident response – and implement a unified solution that can monitor on-premises, cloud and hybrid environments. Simplifying security in this way enables companies to immediately identify and respond to threats, and in today’s cybersecurity landscape, this is the best strategy to mitigate risk,” Malik concludes.
AlienVault provides Unified Security Management and crowdsourced threat intelligence.