A new survey highlights that security professionals view misconfiguration of cloud platforms or improper setup ranks as the most significant security threat.

The 2023 Cloud Security Report, recently released by Check Point Software Technologies Ltd. in collaboration with research firm Cybersecurity Insiders, is based on a survey of more than 1,000 cybersecurity professionals worldwide, provides insights into the current state of cloud security management.

The survey reveals that misconfigurations rank as the primary cloud security concern, affecting 59% of respondents. These misconfigurations not only leave organizations vulnerable but also impede their ability to fully leverage the potential of the cloud.

The survey also showed that businesses are expanding their cloud estates, with 58% planning to store more than 50% of their workload in the cloud within the next 12 to 18 months. However, the survey also revealed 72% of respondents struggle with managing access to multiple security solutions, resulting in confusion and compromising cloud management security. Malicious actors are capitalizing on these challenges, as evidenced by the report, which indicates a 48% increase in cloud-based network attacks in 2022 compared to the previous year.

The survey also reveals organizations have implemented various technologies and strategies to manage their complex cloud environments. However, 26% of organizations have 20 or more security policies in place, leading to alert fatigue and hindering response teams' ability to effectively counter high-risk incidents. Ninety percent of respondents expressed a preference for a single cloud security platform that simplifies management. In addition, 71% of organizations have more than six security policies in place, with 68% finding the multitude of alerts overwhelming due to the use of multiple tools.

Other key survey highlights

  • Misconfiguration of cloud platforms or improper setup (59%) ranks as the most significant security threat, followed by exfiltration of sensitive data (51%), insecure interfaces/APIs (51%), and unauthorized access (49%).
  • 24% of respondents reported experiencing public cloud-related security incidents, with misconfigurations, account compromises and exploited vulnerabilities being the most common incident types.
  • While 62% of organizations utilize cloud native tools for configuration management, 29% rely on dedicated Cloud Security Posture Management Solutions (CSPM).
  • 37% of respondents have embraced DevSecOps in certain areas of their organization, while 19% have implemented a comprehensive program.