2020年云安全报告

年度工作报告时间：2020-09-10 09:13:05

Companies continue to rapidly migrate workloads from datacenters to the cloud, utilizing new technologies such as serverless, containers, and machine learning to benefit from increased efficiency, better scalability, and faster deployments from cloud computing.

　Cloud security concerns remain high as the adoption of public cloud computing continues to surge, especially in the wake of the 2020 COVID crisis and the resulting accelerated shift to remote work environments.

　Key survey findings include:

　Security remains a key issue for cloud customers, despite continued rapid adoption of cloud computing. A majority of cybersecurity professionals (94%) confirm they are at least moderately concerned about public cloud security, a small increase from last year’s survey.

　Among the key barriers to cloud adoption, organizations mention a lack of qualified staff (37%) as the biggest impediment to faster adoption – up from the fifth spot on last year’s survey.

　For the fourth year in a row, training and certifying IT staff (61%) ranks as the primary tactic organizations deploy to assure their evolving security needs are met. Fifty-eight percent of respondents rely on their cloud provider’s native security tools, and 34% are looking to hire more staff dedicated to cloud security.

　A majority of six of 10 organizations expect their cloud security budget to increase over the next 12 months. On average, organizations allocate 27% of their security budget to cloud security.

　When asked how organizations rate their overall security readiness, 69% rate their team’s security readiness average or below average. Only half as many say they are above average (31%).

　Of those, 80% believe their teams would benefit from cloud security training and/or certification.

　The main recurring theme in this survey is the continuing shortage of not only qualified cybersecurity staff, but also the lack of security awareness and skills among all employees. Cybersecurity professionals agree that 59% of employees would benefit from security training and/or certification for their jobs.

　This 2020 Cloud Security Report has been produced by Cybersecurity Insiders to explore how organizations are responding to the evolving security threats in the cloud and the continued shortfall of qualified security staff.

　Many thanks to (ISC)2 for supporting this important research project. We hope you find this report informative and helpful as you continue your efforts in securing your cloud environments.

　Thank you,

　Holger SchulzeHol

　Holger Schulze

　CEO and Founder Cybersecurity Insiders

　 How concerned are you about the security of public clouds?

　94%Of organizations are moderately to extremely concerne

　94%

　about cloud security.

　19%

　Not at all concerned

　42%

　33%

　Extremely concerned

　Not at all concerned

　Slightly concerned

　Moderately concerned

　Very concerned

　Extremely concerned

　Most organizations are not confident at all to moderately confident in their cloud security posture (66%). While confidence has been declining from 84% last year, we still see a degree of overconfidence not supported by the backdrop of security incidents and challenges presented in this report.

　 How confident are you in your organization’s cloud security posture?

　66%Of organizations are not confident at all to moderately confident in their cloud security posture

　66%

　41%

　16%

　26%

　Not at all confident

　Extremely confident

　Not at all confident

　Slightly confident

　Moderately confident

　Very confident

　Extremely confident

　Cloud providers offer increasingly robust security measures as part of cloud services, but customers are ultimately responsible for securing their workloads in the cloud. The top cloud security challenges highlighted in our survey are about data loss/leakage (69% - up five percentage points since last year) and data privacy/confidentiality (66% - up four percentage points). This is followed by concerns about accidental exposure of credentials and incident response (tied at 44% and up from 29% last year).

　 What are your biggest cloud security concerns?

　69%

　Data loss/leakage

　66%

　Data privacy/

　confidentiality

　44% 44% 4

　44%

　42%

　37%

　Accidental exposure

　of credentials

　Incident response

　Legal and regulatory compliance

　Data sovereignty/ residency/control

　As more workloads continue to move to the cloud, cybersecurity professionals are increasingly realizing the complications with protecting these workloads. Lack of qualified security staff (47%) has risen to the number one spot on the list of day-to-day headaches, up from the third spot on last year’s survey. This is followed by compliance (40%) and setting consistent security policies across cloud and on-premises environments (36%).

　 What are your biggest operational, day-to-day headaches trying to protect cloud workloads?

　47% 40% 36%

　Lack of

　qualified staff

　Compliance

　Setting consistent

　security policies

　33% 32%

　33%

　32%

　31%

　29%

　Visibility into infrastructure security

　Can’t identify misconfigurations quickly

　Security can't keep up with pace of change in applications

　Lack of integration with on-premises security technologies

　Securing traffic flows 27% | Understanding network traffic patterns 27% | Justifying more security spend 25% | Securing access from personal and mobile devices 25%

　Cloud computing is still not without challenges. Among the barriers to cloud adoption, organizations mention lack of qualified staff (37%) as the biggest impediment to faster adoption – up from the fifth spot on last year’s survey. This is followed by challenges regarding integration with existing IT environments, and data security issues (tied at 35%).

　 What are the biggest barriers holding back cloud adoption in your organization?

　37% 35% 35%

　Lack of staff

　resources or expertise

　Integration with

　existing IT environment

　Data security,

　loss & leakage risks

　31%29%

　31%

　29%

　24%

　22%

　Legal & regulatory compliance

　General security risks

　Lack of budget

　Fear of vendor lock-in

　Loss of control 20% | Complexity managing cloud deployment 19% | Internal resistance and inertia 18% | Cost/lack of ROI 16% Lack of management buy-in 14% | Lack of transparency and visibility 13%

　When asked about what are the biggest security threats facing public clouds, organizations ranked misconfiguration of the cloud platform (68%) highest, up from the third spot on last year’s survey. This is followed by unauthorized access (58%), insecure interfaces (52%), and hijacking of accounts (50%).

　 What do you see as the biggest security threats in public clouds?

　68%

　Misconfiguration of

　the cloud platform/ wrong setup

　58%

　Unauthorized

　access

　52%

　Insecure interfaces

　/APIs

　50% 43% 36%

　50%

　43%

　36%

　33%

　28%

　Hijacking of accounts, services or traffic

　External sharing of data

　Malicious insiders

　Foreign state-sponsored

　cyber attacks

　Denial of service attacks

　As workloads continue to move to the cloud, organizations are faced with unique security challenges presented by cloud computing. Most legacy security tools are not designed for the dynamic, distributed, virtual environments of the cloud. Eighty-two percent of respondents say traditional security solutions either don’t work at all in cloud environments or have only limited functionality – a marked deterioration from last year’s survey (66%).

　 How well do your traditional network security tools/appliances work in cloud environments?

　18%

　All capabilities

　work in the cloud

　82%Claim traditional security solutions either don’t work at all or have limited functionalit

　82%

　17%

　Our traditional

　network security tools don’t work in the cloud

　65%

　Limited functionality

　SECURITY SOLUTIONS

　The rapid adoption of cloud computing is driven by a number of undeniable advantages. Organizations recognize several key drivers of deploying cloud-based security solutions, including faster time to deployment and cost savings (tied at 41%). This is followed by reduced efforts around patches and software updates (40%).

　 What are the main drivers for considering cloud-based security solutions?

　41% 41%

　40%

　Faster time

　to deployment

　Cost savings

　Reduced efforts

　around patches and upgrades of software

　35% 35% 3

　35%

　34%

　33%

　Better visibility into user activity and system behavior

　Need for secure app access from any location

　Our data/workloads reside in the cloud (or are moving

　to the cloud)

　Meet cloud compliance expectations

　Better performance 30% | Easier policy management 26% | Reduction of appliance footprint in branch offices 21% | Other 5%

　SECURITY ADOPTION

　Despite the significant advantages offered by cloud-based security solutions, barriers to adoption still exist. When it comes to business transformation and cloud adoption, three important aspects must be aligned: people, process and technology. Our survey reveals that the biggest challenge organizations are facing is not technology, but people and processes. Staff expertise and training (55%) continues to rank as the highest barrier, followed by budget challenges (46%), data privacy concerns (37%), and lack of integration with on-premises platforms (36%).

　 What are the main barriers to migrating to cloud-based security solutions?

　55% 46%

　37%

　Staff expertise/

　training

　Budget

　Data privacy

　36% 30%

　36%

　30%

　29%

　25%

　Lack of integration with on-premises security technologies

　Solution maturity

　Regulatory compliance requirements

　Data residency

　Sunk cost into on-premises tools 24% | Integrity of cloud security platform (DDoS attack, breach) 17% | Limited control over encryption keys 15% | Scalability and performance 12% | Not sure/other 10%

　When asked about cloud benefits, the organizations participating in this survey generally confirm that cloud is delivering on its promise of flexible capacity and scalability (51%), improved availability (46%), and increased agility (45%).

　 What overall benefits have you already realized from your cloud deployment?

　46%5

　46%

　More flexible

　capacity/scalability

　Improved availability and business continuity

　45%

　Increased

　agility

　36% 30%

　36%

　30%

　27%

　Accelerated deployment

　and provisioning

　Moved expenses from fixed CAPEX (purchase) to variable

　OPEX (rental/subscription)

　Reduced cost

　Increased geographic reach

　CLOUD SECURITY

　 When moving to the cloud, how do you handle your changing security needs?

　Train and/or certify existing IT staff 61%

　Use native cloud provider security tools

　(e.g., Azure Security Center, AWS Security Hub,

　Google Cloud Command Center)

　Hire staff dedicated to cloud security

　Deploy security software from independent software vendors

　Partner with a Managed Security Services Provider (MSSP)

　Other

　 58%

　 34%

　 30%

　 29%

　A majority, six out of 10 organizations expect their cloud security budget to increase over the next 12 months. On average, organizations allocate 27% of their security budget to cloud security.

　 How is your cloud security budget changing in the next 12 months?

　59%Budget will incre

　59%

　27%

　allocated to

　cloud security

　7%Budget will decline

　34%

　Budget

　will stay flat

　When asked how organizations rate their overall security readiness, 69% rate their team’s security readiness average or below average. Only half as many say they are above average (31%).

　 How would you rate your team’s overall security readiness?

　16%

　53%

　31%

　Above average

　Average

　Below average

　TRAINING AND CERTIFICATION

　Of those rating their overall security readiness average or below average, 80% believe their teams would benefit from cloud security training and/or certification.

　 Do you think you or your team need cloud security training and/or certification(s) to be better equipped to operate in cloud environments?

　12%

　80%

　Yes No Not sure

　AND CERTIFICATION

　 What percentage of your employees would benefit from security training and/or certification for their job?

　41%

　59%

　Of employees would

　benefit from security training.

　 Top 10 most valued security certifications

　#4#5CISMCISA#8

　CISM

　CISA

　CCSK

　CRISC

　Network+

　#10

　GSEC

　CEH

　#2 Security+

　#3 CCSP

　When it comes to prioritizing topics for security training, cybersecurity professionals in our survey selected cloud-enabled cybersecurity (66%), followed by application security (45%), and risk-based frameworks (43%) as the most valuable topics for training and education success.

　 Which of the following topic areas would you find most valuable for ongoing training and education to be successful in your current role?

　66%

　Cloud-enabled

　cybersecurity

　45%

　Application

　security

　43%

　Risk-based

　frameworks

　40% 35% 3

　40%

　35%

　32%

　30%

　Incident response

　DevOps

　Soft skills

　(e.g., leadership, effective teamwork, communicating to persuade/educate)

　Regulatory compliance

　The 2020 Cloud Security Report is based on a comprehensive survey of 653 cybersecurity professionals conducted in May 2020 to uncover how cloud user organizations are responding to security threats in the cloud, and what training, certifications and best practices IT cybersecurity leaders are prioritizing in their move to the cloud. The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.

　CAREER LEVEL

　23%

　20%

　14%

　12%

　19%

　Manager/Supervisor Specialist Consultant Director CTO, CIO, CISO, CMO, CFO, COO Owner/CEO/President Other

　DEPARTMENT

　50%

　14%

　11%

　IT Security IT Operations Engineering Compliance Operations DevOps SecOps Other

　COMPANY SIZE

　12%

　17%

　41%

　Fewer than 10 10-99 100-499 500-999 1,000-4,999 5,000-10,000 Over 10,000

　INDUSTRY

　25%

　16%

　13%

　10%

　Government Technology, Software & Internet Financial Services Professional Services Healthcare, Pharmaceuticals, & Biotech Manufacturing Education & Research Energy & Utilities Telecommunications Other

　SECURIT Y CERTIFICATIONS HELD

　92%

　26%

　15%

　14%

　13%

　12%

　38%

　CISSP Security+ CCSP Network+ CISM CISA CEH CRISC Other

　(ISC)2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP?) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. In 2015, (ISC)2 and the Cloud Security Alliance (CSA) partnered to launch the Certified Cloud Security Professional (CCSP?) credential for security professionals whose day- to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services. It is now our fastest growing certification. Our membership, more than 150,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education?.

　For more information on (ISC)2, visit , follow us on Twitter or connect with us on Facebook and LinkedIn.

　The Path to Stronger Cloud Security

　61% 34%

　of organizations want to train and certify their current IT staff, to ensure that their evolving security needs are met.

　want to hire staff dedicated

　to cloud security.

　EXCLUSIVE FEATURESIs CCSP Right for Me? Fas

　EXCLUSIVE FEATURES

　Is CCSP Right for Me? Fast Facts about CCSP Benefits

　Exam Overview

　Training and Self-Study Resources Pathway to Certification

　 YES, GIVE ME THE FREE GUIDE

上一篇：镇十三五工作总结及十四五工作规划和某县“十四五”实施乡村振兴战略调研报告材料合编下一篇：党支部书记述职报告党支部书记述职报告

相关文章