Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

Fugue Survey Finds Widespread Concern Over Cloud Security Risks during the COVID-19 Crisis

84% of IT professionals are worried about ensuring the security of cloud environments during the rapid transition to 100% distributed teams

the cloud
April 13, 2020

As a vast majority of companies make the rapid shift to work-from-home to stem the spread of COVID-19, a significant percentage of IT and cloud professionals are concerned about maintaining the security of their cloud environments during the transition. The findings are a part of the State of Cloud Security survey conducted by Fugue. 

The survey found that 96 percent of cloud engineering teams are now 100 percent distributed and working from home in response to the crisis, with 83 percent having completed the transition or in the process of doing so. Of those that are making the shift, 84 percent are concerned about new security vulnerabilities created during the swift adoption of new access policies, networks, and devices used for managing cloud infrastructure remotely.

“What our survey reveals is that cloud misconfiguration not only remains the number one cause of data breaches in the cloud, the rapid global shift to 100% distributed teams is creating new risks for organizations and opportunities for malicious actors,” said Phillip Merrick, CEO of Fugue. “Knowing your cloud infrastructure is secure at all times is already a major challenge for even the most sophisticated cloud customers, and the current crisis is compounding the problem.”

84 percent are concerned they’ve already been hacked and don’t know it
Eighty-four percent of IT professionals are concerned that their organization has already suffered a major cloud breach that they have yet to discover (39.7 percent highly concerned; 44.3 percent somewhat concerned). 28 percent state that they’ve already suffered a critical cloud data breach that they are aware of.

In addition, 92 percent are worried that their organization is vulnerable to a major cloud misconfiguration-related data breach (47.3 percent highly concerned; 44.3 percent somewhat concerned). Over the next year, 33 percent believe cloud misconfigurations will increase and 43 percent believe the rate of misconfiguration will stay the same. Only 24 percent believe cloud misconfigurations will decrease at their organization.

Causes of cloud misconfiguration: Lack of awareness, controls, and oversight
Every team operating on cloud has a misconfiguration problem, with 73 percent citing more than 10 incidents per day, 36 percent experiencing more than 100 per day, and 10 percent suffering more than 500 per day. 3 percent had no idea what their misconfiguration rate is.

The top causes of cloud misconfiguration cited are a lack of awareness of cloud security and policies (52 percent), a lack of adequate controls and oversight (49 percent), too many cloud APIs and interfaces to adequately govern (43 percent), and negligent insider behavior (32 percent). Only 31 percent of teams are using open source policy-as-code tooling to prevent misconfiguration from happening, while 39 percent still rely on manual reviews before deployment.

Respondents cited a number of critical misconfiguration events they’ve suffered, including object storage breaches (32 percent), unauthorized traffic to a virtual server instance (28 percent), unauthorized access to database services (24 percent), overly-broad Identity and Access Management permissions (24 percent), unauthorized user logins (24 percent), and unauthorized API calls (25 percent). Cloud misconfiguration was also cited as the cause of system downtime events (39 percent) and compliance violation events (34 percent).

Additional findings include:

  • 73 percent use manual remediation once alerting or log analysis tools identify potential issues, and only 39 percent have put some automated remediation in place. 40 percent of cloud teams conduct manual audits of cloud environments to identify misconfiguration.
  • A reliance on manual approaches to managing cloud misconfiguration creates new problems, including human error in missing or mis-categorizing critical misconfigurations (46 percent) and when remediating them (45 percent).
  • 43 percent cite difficulties in training team members to correctly identify and remediate misconfiguration, and 39 percent face challenges in hiring enough cloud security experts.
  • Issues such as false positives (31 percent) and alert fatigue (27 percent) were also listed as problems teams have encountered.
  • The metric for measuring the effectiveness of cloud misconfiguration management is Mean Time to Remediation (MTTR), and 55 percent think their ideal MTTR should be under one hour, with 20 percent saying it should be under 15 minutes. However, 33 percent cited an actual MTTR of up to one day, and 15 percent said their MTTR is between one day and one week. 3 percent said their MTTR is longer than one week.
  • 49 percent of cloud engineering and security teams are devoting more than 50 man hours per week managing cloud misconfiguration, with 20 percent investing more than 100 hours on the problem.
  • When asked what they need to more effectively and efficiently manage cloud misconfiguration, 95 percent said tooling to automatically detect and remediate misconfiguration events would be valuable (72 percent very valuable; 23 percent somewhat valuable). Others cited the need for better visibility into cloud infrastructure (30 percent), timely notifications on dangerous changes (i.e., “drift”) and misconfiguration (28 percent), and improved reporting to help prioritize remediation efforts (8 percent).
KEYWORDS: cloud security COVID-19 cyber security information security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • covid-19 survey

    Survey Shows How the Security Industry is Mitigating Risk during COVID-19

    See More
  • Risk Ledger

    Risk Ledger Report: Impact of the COVID-19 Crisis on Supply Chain Security

    See More
  • More than 45 percent say risks of cloud computing outweigh benefits, survey finds

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing