Cloud Risk in a Rush to Adopt – New Research from the SANS Institute

By on

This post was written by Eric Boerger.

Twenty-one percent of organizations don’t know if their organization has been breached in the cloud.

That uncertainty, lack of control, and limited visibility is a startling indication of the state of cloud use today: The speed of adoption has invited risk that was not foreseen. Understanding that risk is key to gaining control over security in the cloud.

Many more industry insights are revealed in Cloud Security: Defense in Detail if Not in Depth: A SANS Survey completed in November and sponsored by McAfee. The survey especially delves into infrastructure-as-a-service from providers like Amazon Web Services (AWS) and Microsoft Azure, which is driving digital business transformation toward the most agile models to date.

Among the findings, some captured in the chart below, include the benchmark that 40% of organizations are storing customer personally identifiable information (PII) in the cloud – and 15% of those had experienced a misconfiguration due to quickly spun up components.

The inevitable goal of cloud adoption is, of course, quite laudable: To realize agility and costs benefits across the organization. The problem is that many IT departments and developers have rushed in, adjusting their delivery models from dedicated hardware in data centers to cloud instances, containers, and now even serverless infrastructure.

Where was security in that fast adoption? Unfortunately, often left behind. Existing endpoint or data center security tools often can’t simply be transferred to the cloud. They need to be rebuilt to run “cloud-native,” designed specifically for the unique properties of public cloud service provider environments. Added to that adjustment is often the dual responsibility of maintaining the public cloud and a virtual private cloud environment in your datacenter – two to manage.

This requires a cloud strategy across these environments: seek policy unification, not tool unification. Cloud security requires change. But there is no point in burdening the agility of the cloud with disconnected management. Your organization should have one view to your infrastructure with one set of policies that everyone understands.

McAfee teamed up with the SANS Institute on an analysis of this survey’s findings. In this presentation, we dive deeper into these points, providing key perspectives on the cloud industry at this crucial time. Tune in here:

Download and read the full report here: Cloud Security: Defense in Detail if Not in Depth: A SANS Survey. For more information on our approach to cloud security, go to

Leave a Comment

Similar articles

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is ...
Read Blog
If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and ...
Read Blog
Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need ...
Read Blog