Cloud misconfigurations Chief Information Security Officers (CISOs) main concern

June 28, 2023


Chief Information Security Officers (CISOs) rank cloud misconfigurations as a foremost concern, global cybersecurity solutions provider, Check Point Software Technologies’ 2023 Cloud Security Report has found.

Based on an extensive survey of over 1,000 cybersecurity professionals worldwide, the report provides critical insights into the current state of cloud security management, highlighting prevalent challenges and opportunities for Chief Information Security Officers and their organisations.

Chief Information Security Officers need solutions

For Chief Information Security Officers, executives, other IT security professionals and personnel, the findings shed light on the persistent threat posed by misconfigurations, which remain a significant concern for organisations.

Despite the numerous benefits organisations derive from the cloud, such as scalability and flexibility, effectively securing it continues to be a challenge.

The survey reveals that misconfigurations rank as the primary cloud security concern for Chief Information Security Officers, affecting 59% of respondents. These misconfigurations not only leave organisations vulnerable but also impede their ability to fully leverage the potential of the cloud.

Cloud management security

Not surprisingly, businesses are rapidly expanding their cloud estates, with 58% planning to store over 50% of their workload in the cloud within the next 12 to 18 months. However, the survey highlights a pressing issue: a significant 72% of respondents struggle with managing access to multiple security solutions, resulting in confusion and compromising cloud management security.

The increasing complexity of understanding and safeguarding the cloud’s threat surface has become a significant concern for Chief Information Security Officers and other IT leaders, leaving vulnerabilities unchecked. Malicious actors are capitalising on these challenges, as evidenced by the Check Point Research report, which indicates a staggering 48% surge in cloud-based network attacks in 2022 compared to the previous year.

Managing complex cloud environments 

The survey reveals that Chief Information Security Officers and other IT leaders within organisations have implemented various technologies and strategies to manage their complex cloud environments. However, the complexity and lack of visibility and control are leading to confusion.

26% of organisations have 20 or more security policies in place, leading to alert fatigue and hindering response teams’ ability to effectively counter high-risk incidents.

Notably, 90% of respondents expressed a preference for a single cloud security platform that simplifies management. Furthermore, an overwhelming 71% of organisations have more than six security policies in place, with 68% finding the multitude of alerts overwhelming due to the use of multiple tools stressing the need for a comprehensive and collaborative cloud security solution.

Which misconfigurations pose the biggest risk?

“Our survey found that cloud misconfigurations are the foremost concern for today’s CISOs. However, what sets successful cloud security organisations apart, is not only the ability to identify misconfigurations, but also to grasp their contextual relevance and prioritise their resolution,” said TJ Gonen, VP of Cloud Security at Check Point Software Technologies.

Understanding which misconfigurations truly pose a risk to business operations is paramount. As is the capability to swiftly and effectively address those vulnerabilities to maintain a strong security posture. It is imperative for enterprises to select a comprehensive solution that goes beyond surface-level detection.”

Key findings from the 2023 Cloud Security Report

  • Biggest Challenges: Misconfiguration of cloud platforms or improper setup (59%) ranks as the most significant security threat, followed by exfiltration of sensitive data (51%), insecure interfaces/APIs (51%), and unauthorized access (49%).
  • Cloud Security Incidents: 24% of respondents reported experiencing public cloud-related security incidents, with misconfigurations, account compromises, and exploited vulnerabilities being the most common incident types.
  • Cloud Configuration and Security Policy Management: While 62% of organizations utilize cloud native tools for configuration management, 29% rely on dedicated Cloud Security Posture Management Solutions (CSPM).
  • DevSecOps, CIEM, and Unified Security Management: 37% of respondents have embraced DevSecOps in certain areas of their organization, while 19% have implemented a comprehensive program.

Addressing cloud security challenges 

The 2023 Cloud Security Report was conducted in April 2023 of 1052 cybersecurity experts from North America, Europe, Asia-Pacific and more. Respondents comprised a diverse mix of executives, IT security professionals, and personnel from variously sized businesses in multiple industries.

The survey examines how organisations that use cloud services are tackling security concerns, as well as prioritising certifications, training, and best practices prioritised by IT security leaders.

The report concludes by emphasising the need for organisations to address cloud security challenges proactively. In a cloud environment, the scale, speed, and reach of operations are amplified, necessitating robust security measures.  

More UK Security News

Read Next

Security Journal UK

Subscribe Now

£99.99 for each year
No payment items has been selected yet