All ContentCloud Security: Defense in Detail if Not in Depth
Cloud Security: Defense in Detail if Not in Depth
Executive Summary
(CONTINUED)
And while these are their biggest concerns, the 20% who experienced breaches said
their top incidents involve downtime/inaccessibility (such as might be expected
from ransomware and DDoS), followed by poor configurations and account or
credential hijacking.
Respondents also still feel as though they lack visibility, auditability and effective
controls to actually monitor everything that goes on in their public clouds. We are,
however, seeing increased use of security controls within cloud provider environments
and wider use of security-as-a-service (SecaaS) solutions to achieve in-house and
external security and compliance requirements.
These, along with other findings and best practices that work for survey takers, are
discussed in the following report.
SANS ANALYST PROGRAM
2
Cloud Security: Defense in Detail if Not in Depth
State of Cloud Computing
The perspectives presented here represent the experiences of a respondent pool that
came from a mix of small organizations (50% employing 2,000 employees or fewer),
mid-sized (31% employing 2,001–5,000 employees) and larger organizations (19%
employing more than 15,000). Respondents came from a wide range of industries,
including technology, cyber security, banking and finance, and government, among
many others. The largest portion (22%) were security analysts, with 50% of the sample
coming from cyber security roles and the remainder coming from predominately IT
roles, with some business unit representation. Although respondents reported doing
business in multiple global areas, they are largely based in the United States and Europe.
For additional detail, please see Appendix A, “Respondents to This Year’s Survey.”
Adoption of cloud computing
is becoming so pervasive we
didn’t want to ask respondents
if they were following suit, as
we had in the past. Instead we
asked whether the number
of business applications and
mission-critical business
applications they deploy in the
cloud continues to grow.
Pervasive Usage
A small number (7%) said they expect to double the number of business applications
they maintain in the cloud; an even smaller number (6%) predicted they would double
the number of mission-critical applications. Most respondents said they expect growth
of up to 10% in both mission-critical and non–mission-critical applications. But clearly
the trend among respondents is to move more applications into the cloud. Table 1 offers
more detail.
Table 1. Frequency of Cloud Usage for Applications
Type of Application
Increase by Increase by Increase by Increase by
100%
70% to 90% 40% to 60%
30%
No
Change
Decrease
Mission-Critical Applications
6.3%
1. 9%
15.2%
43.1%
32.3%
1.3%
Applications Overall
7.4%
4.3%
24.7%
44.5%
17.3%
1.9%
Business applications and data are most frequently hosted in the cloud, with 96%
reporting their organizations are using business applications in private and public
clouds. Workforce applications such as Dropbox, designed to help employees access
an organization’s systems more efficiently, came in second, with a nod from 84% of
respondents. Cloud-based disaster recovery and backup services were big as well,
showing up in 84% of responses, up from 80% in 2016.
SANS ANALYST PROGRAM
3
Cloud Security: Defense in Detail if Not in Depth
Please complete the form to gain access to this content
