Over 90% of enterprises have a hybrid, multi-cloud strategy. The benefits of cloud computing are clear: more flexibility; reduced need for scarce resources; better support and in some respects, security becomes easier. But there are risks: not least because security responsibility is shared, giving rise to errors.
Misconfiguration is the leading cause of data breaches and from our research, it is the most common source of major cloud security incidents. Gartner predicts that “Through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data.”
Cloud vendors have developed tools to spot misconfigurations, but to be effective, they must be configured and managed by someone skilled. The scarcity of cloud security skills makes products hard to maintain, and users can have difficulty interpreting their outputs. Added pressure also comes from regulators requesting evidence that security controls governing data in the cloud are working. Cloud security risk is often managed by regular auditing.