A survey of 1,ooo RSA attendees, conducted by Alien Vault, has exposed widespread inconsistencies when it comes to approaching cloud security and the Internet of Things.
Confirming this, one third of respondents describe the state of security monitoring within their organisation as “complex and chaotic”.
The lack of visibility into the cloud is a significant concern for 42%, yet 47% would rather monitor a cloud environment than an on-premises one.
The IoT was also a cause for concern with 62% indicating they were worried about IoT devices in their environment, although 45% believe IoT benefits outweigh the risks.
>See also: The cloud and its security implications
“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way. If data is misused, or inadequately protected, the consequences can be severe,” said Javvad Malik, security advocate at AlienVault.
“According to the survey findings, many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring – leaving their company at greater risk of attack.”
When it comes to monitoring security threats in the cloud, an alarming number of respondents reported being left in the dark when decisions are made. According to the survey, 39% of respondents are using more than 10 different cloud services within their organisation, and 21% don’t know how many cloud applications are being used.
In addition, 40% stated that their IT team is not always consulted before a cloud platform is deployed, meaning that they are unable to offer guidance and advice, or do due diligence on a platform or service.
The survey also asked participants what concerned them most about cloud security. While malware was rated as the highest concern, with 47% of respondents worrying about it, some of the other responses shed light on why so many security professionals view their environments as complex and chaotic.
This finding also points to the problems associated with auditing cloud environments in the event of an incident.
“Most organisations are drowning in ineffective preventative measures and draining resources with investments in expensive, disjointed solutions. This unfortunate combination is likely a tremendous factor in producing the chaos, complexity and confusion experienced by so many companies,” continued Malik.
“It’s time for organisations to focus on what they do have control over – threat detection and incident response – and implement a unified solution that can monitor on-premises, cloud and hybrid environments. Simplifying security in this way enables companies to immediately identify and respond to threats, and in today’s cybersecurity landscape, this is the best strategy to mitigate risk.”