Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers.
Most (93%) cybersecurity professionals are “moderately to extremely concerned” about cloud security, with data loss and leakage (64%) and data privacy (62%) at the top of the collective list.
To compile the “2019 Cloud Security Report,” commissioned by Synopsys, researchers with Cybersecurity Insiders conducted a survey of its 400,000-person community to see what’s top of mind for senior-level managers in IT and security operations. About one-third said they are “very” or “extremely” confident in their organizations’ cloud security posture, and 47% are “moderately confident.” Still, even those who feel good about security have concerns.
Data loss and confidentiality aside, respondents are mostly worried about legal and regulatory compliance (39%), accidental credential exposure (39%), data sovereignty (35%), and incident response (29%). When asked about the biggest daily operational headaches, respondents pointed to compliance (34%), visibility into infrastructure security (33%), lack of qualified staff (31%), setting consistent security policies (31%), lack of integration with on-prem technology (29%), and security not keeping up with the pace of new and existing applications (29%).
The compliance process is complex, and the greatest challenge for 43% of IT and security professionals surveyed is monitoring for new vulnerabilities in cloud services that must be secured. Other compliance pain points include audit assessments in the risk environment (40%) and monitoring for compliance with policies and procedures (39%).
Respondents use several tactics to protect cloud-based data. More than half (52%) use access controls, 48% use encryption or tokenization, and 45% use security services offered natively or by cloud providers. Less common methods include cloud security monitoring tools (36%), connecting to cloud via protected networks (36%), and third-party security services (25%).
Read more details here.
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
From DHS/US-CERT’s National Vulnerability Database
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent …
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t…
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can…
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.