For the last ten years, security and lack of control have been among the top reasons not to use a public cloud provider. Despite many legitimate concerns, two recent vendor-sponsored surveys show the cloud providers’ capabilities are often not the key challenge to increased adoption. Instead, much of the worries are that existing monitoring systems are not optimized to simultaneously track both on-premises and cloud environments.
Misconfiguration of the cloud platform is cited most often as the biggest security threat in public clouds, according to an AWS-centric survey of the Cybersecurity Insiders community sponsored by Cavirin. However, the concern is not about AWS itself, as 83% believe the company provides sufficient native cloud security controls and services. Instead, the concern is often about their own organization’s limitations and insecure interfaces/APIs controlled by other parties. The other big problem is that AWS tooling is being used, just not effectively. Thus, while 71% of AWS customers said they use AWS Identity & Access Management, only 42% of those that use AWS for identity and access control believe their organization uses these tools effectively.
The complete article can be found here.
