2020年云安全报告.docx-得力文库

资源描述

《2020年云安全报告.docx》由会员分享，可在线阅读，更多相关《2020年云安全报告.docx（19页珍藏版）》请在得力文库 - 分享文档赚钱的网站上搜索。

1、Companies continue to rapidly migrate workloads from datacenters to the cloud, utilizing new technologies such as serverless, containers, and machine learning to benefit from increased efficiency, better scalability, and faster deployments from cloud computing.Cloud security concerns remain high as

2、the adoption of public cloud computing continues to surge, especially in the wake of the 2020 COVID crisis and the resulting accelerated shift to remote work environments.Key survey findings include: Security remains a key issue for cloud customers, despite continued rapid adoption of cloud computin

3、g. A majority of cybersecurity professionals (94%) confirm they are at least moderately concerned about public cloud security, a small increase from last years survey. Among the key barriers to cloud adoption, organizations mention a lack of qualified staff (37%) as the biggest impediment to faster

4、adoption - up from the fifth spot on last years survey. For the fourth year in a row, training and certifying IT staff (61%) ranks as the primary tactic organizations deploy to assure their evolving security needs are met. Fifty-eight percent of respondents rely on their cloud providers native secur

5、ity tools, and 34% are looking to hire more staff dedicated to cloud security. A majority of six of 10 organizations expect their cloud security budget to increase over the next 12 months. On average, organizations allocate 27% of their security budget to cloud security. When asked how organizations

6、 rate their overall security readiness, 69% rate their team5s security readiness average or below average. Only half as many say they are above average (31%).Of those, 80% believe their teams would benefit from cloud security training and/or certification. The main recurring theme in this survey is

7、the continuing shortage of not only qualified cybersecurity staff, but also the lack of security awareness and sk川s among all employees. Cybersecurity professionals agree that 59% of employees would benefit from security training and/or certification for their jobs.This 2020 Cloud Security Report ha

8、s been produced by Cybersecurity Insiders to explore how organizations are responding to the evolving security threats in the cloud and the continued shortfall of qualified security staff.Many thanks to (ISC)a for supporting this important research project. We hope you find this report informative a

9、nd helpful as you continue your efforts in securing your cloud environments.Holger SchulzeCEO and Founder Cybersecurity InsidersCybersecurityINSIDERSThank you,Holger SchulzeSECURITY ADOPTIONDespite the significant advantages offered by cloud-based security solutions, barriers to adoption still exist

10、. When it comes to business transformation and cloud adoption, three important aspects must be aligned: people, process and technology. Our survey reveals that the biggest challenge organizations are facing is not technology, but people and processes. Staff expertise and training (55%) continues to

11、rank as the highest barrier, followed by budget challenges (46%), data privacy concerns (37%), and lack of integration with on-premises platforms (36%). What are the main barriers to migrating to cloud-based security solutions?55%Staff expertise/training55%Staff expertise/training46%Budget37%Data pr

12、ivacy3o3o293Lack of integrationwith on-premisessecurity technologiesSolutionmaturityRegulatory compliance requirementsDataresidencySunk cost into on-premises tools 24% | Integrity of cloud security platform (DDoS attack, breach) 17% | Limited control over encryption keys 15% | Scalability and perfor

13、mance 12% | Not sure/other 10%When asked about cloud benefits, the organizations participating in this survey generally confirm that cloud is delivering on its promise of flexible capacity and scalability (51%), improved availability (46%), and increased agility (45%). What overall benefits have you

14、 already realized from your cloud deployment?rrz51%More flexiblecapacity/scalability46%Improvedavailability andbusiness continuity45%IncreasedagilityAccelerateddeploymentand provisioningAccelerateddeploymentand provisioningMoved expensesfrom fixed CAPEX(purchase) to variableOPEX (rental/subscription

15、)ReducedcostIncreasedgeographic reachAccelerated time to market 26% | Improved security 23% | Improved performance 23% | Reduced complexity 21% Increased employee productivity 20% | Improved regulatory compliance 13% | Not sure/other 13%CLOUD SECURITYForthe fourth year in a row, training and certify

16、ing IT staff (61%) ranks as the primary tactic organizations deploy to assure their evolving security needs are met. Fifty-eight percent of respondents rely on their cloud providers native security tools, and 34% are looking to hire more staff dedicated to cloud security.61%于 When moving to the clou

17、d, how do you handle your changing security needs?Train and/or certify existing IT staffUse native cloud provider security tools (eg, Azure Security Center, AWS Security Hub, Google Cloud Command Center)Hire staff dedicated to cloud securityDeploy security software fromindependent software vendorsPa

18、rtner with a Managed Security Services Provider (MSSP)OtherOther5%CQQZ Budget willincreaseA majority, six out of 10 organizations expect their cloud security budget to increase over the next 12 months. On average, organizations allocate 27% of their security budget to cloud security. How is your clo

19、ud security budget changing in the next 12 months?27%allocated to cloud security34%Budget will stay flat7%Budget will declineWhen asked how organizations rate their overall security readiness, 69% rate their teams security readiness average or below average. Only half as many say they are above aver

20、age (31%).How would you rate your teams overall security readiness?Below average Above average AverageTRAINING AND CERTIFICATIONOf those rating their overall security readiness average or below average, 80% believe their teams would benefit from cloud security training and/or certification., Do you

21、think you or your team need cloud security training and/or certification(s) to be better equipped to operate in cloud environments?80%12% 8%Yes No Not sureAND CERTIFICATIONThe main recurring theme in this survey is the continuing shortage of not only qualified cybersecurity staff, but also the lack

22、of security awareness and skills among all employees. Cybersecurity professionals agree that 59% of employees would benefit from security training and/or certification for their jobs. What percentage of your employees would benefit from security training and/or certification for their job?41%59%Of e

23、mployees would benefit from security training.#1 CISSP#2 Security+#3 CCSP#8 CCSK#9 CRISC#10 GSEC Top 10 most valued security certifications# 4 CISM5 CISA# 6 Network+7 CEHWhen it comes to prioritizing topics for security training, cybersecurity professionals in our survey selected cloud-enabled cyber

24、security (66%), followed by application security (45%), and risk-based frameworks (43%) as the most valuable topics fortraining and education success. Which of the following topic areas would you find most valuable for ongoing training and education to be successful in your current role?66%Cloud-ena

25、bled cybersecurity45%ApplicationsecurityA aj 43%Risk-basedframeworksDevOpsDevOpsSoft skills (e.g., leadership, effective teamwork, communicating to persuade/educate)IncidentresponseRegulatorycomplianceMobile security 29% | Digital forensics 25% | Open source vulnerabilities 21% | Internet of Things

26、(loT) 21% | PH 21% | Identifying social engineering/phishing 17% | Not sure/other 6%The 2020 Cloud Security Report is based on a comprehensive survey of 653 cybersecurity professionals conducted in May 2020 to uncover how cloud user organizations are responding to security threats in the cloud, and

27、what training, certifications and best practices IT cybersecurity leaders are prioritizing in their move to the cloud. The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.CARE

28、ER LEVEL23%20%14%12%8%4% Manager/Supervisor Specialist Consultant Director CTO, CIO, CISO, CMO, CFO, COO Owner/CEO/President BOtherDEPARTMENT50%14%8%8%3%3% IT Security IT Operations Engineering Compliance Operations DevOps SecOps OtherCOMPANY SIZE8%5%12%8%17%9%41% Fewer than 10 10-99 100-499 500-999

29、 1,000-4,999 5,000-10,000 Over 10,000INDUSTRY Government Technology, Software & Internet Financial Services Professional Services Healthcare, Pharmaceuticals, & Biotech Manufacturing Education & Research Energy & Utilities Telecommunications OtherSECURITY CERTIFICATIONS HELD CISSP Security+ CCSP Net

30、workf CISM CISA CEH CRISC Other92%26%15%15%15%14%12%38%(ISC)2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)2 offers a portfolio of

31、credentials that are part of a holistic, pragmatic approach to security. In 2015, (ISC)2 and the Cloud Security Alliance (CSA) partnered to launch the Certified Cloud Security Professional (CCSP) credential for security professionals whose day- to-day responsibilities involve procuring, securing and

32、 managing cloud environments or purchased cloud services. It is now our fastest growing certification. Our membership, more than 150,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the indus

33、try. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation - The Center for Cyber Safety and EducatiorrMFor more information on (ISC)2, visit , follow us on Twitter or connect with us on Facebook and Linkedln.CCSRThe Path to Stronger Clou

34、d SecurityCertified Cloud Security ProfessionalAn (ISC)2 Certification杵34%want to hire staff dedicated to cloud security.屏61%of organizations want to train and certify their current IT staff, to ensure that their evolving security needs are met.Start with The Ultimate Guide to the CCSPEXCLUSIVE FEAT

35、URESG Is CCSP Right for Me?G Fast Facts about CCSPG BenefitsC Exam OverviewC Training and Self-Study ResourcesG Pathway to CertificationYES, GIVE ME THE FREE GUIDE Security remains a key issue for cloud customers, despite continued rapid adoption of cloud computing. A majority of cybersecurity profe

36、ssionals (94%) confirm they are at least moderately concerned about public cloud security, a small increase from last years survey. How concerned are you about the security of public clouds?94% Not at all concerned Slightly concerned Moderately concerned 匚 Very concerned Extremely concernedOf organi

37、zations are moderately to extremely concerned about cloud security.66%Most organizations are not confident at all to moderately confident in their cloud security posture (66%). While confidence has been declining from 84% last year, we still see a degree of overconfidence not supported by the backdr

38、op of security incidents and challenges presented in this report. How confident are you in your organizations cloud security posture?Of organizations are not confident at all to moderately confident in their cloud security posture.Not at all confidentExtremely confident Not at all confident Slightly

39、 confident . Moderately confident . Very confident . Extremely confidentCloud providers offer increasingly robust security measures as part of cloud services, but customers are ultimately responsible for securing their workloads in the cloud. The top cloud security challenges highlighted in our surv

40、ey are about data loss/leakage (69% - up five percentage points since last year) and data privacy/confidentiality (66% - up four percentage points). This is followed by concerns about accidental exposure of credentials and incident response (tied at 44% and up from 29% last year). What are your bigg

41、est cloud security concerns?69%Data loss/leakage66%Data privacy/ confidentialityAccidentalexposureof credentialsIncidentresponseLegal and regulatory complianceData sovereignty/residency/controlVisibility & transparency 30% | Availability of services, systems and data 28% | Lack of forensic data 27%

43、ons with protecting these workloads. Lack of qualified security staff (47%) has risen to the number one spot on the list of day-to-day headaches, up from the third spot on last years survey. This is followed by compliance (40%) and setting consistent security policies across cloud and on-premises en

44、vironments (36%). What are your biggest operational, day-to-day headaches trying to protect cloud workloads?47%Lack ofqualified staff40%Compliance36%Setting consistentsecurity policiesVisibility intoinfrastructuresecurityVisibility intoinfrastructuresecurityCan5t identifymisconfigurationsquicklySecu

45、rity cant keep upwith pace of changein applicationsLack of integrationwith on-premisessecurity technologiesSecuring traffic flows 27% | Understanding network traffic patterns 27% | Justifying more security spend 25% |Securing access from personal and mobile devices 25%Cloud computing is still not wi

46、thout challenges. Among the barriers to cloud adoption, organizations mention lack of qualified staff (37%) as the biggest impediment to faster adoption - up from the fifth spot on last years survey. This is followed by challenges regarding integration with existing IT environments, and data securit

47、y issues (tied at 35%). What are the biggest barriers holding back cloud adoption in your organization?37%37%Lack of staffresources orexpertise35%Integration withexisting ITenvironment35%Data security,loss & leakagerisksLack of budgetLack of budgetLegal & regulatorycomplianceGeneralsecurity risksFear of vendorlock-inLoss of control 20% | Complexity managing cloud deployment 19% | Internal resistance and inertia 18% | Cost/lack of ROI 16%Lack of management buy-in 14% | Lack of transparency and visibility 13%When

展开阅读全文