Cloud solutions continue to be adopted at a rapid rate as Cloud Service Providers offer flexible computing and storage needs, easier collaboration with internal users and customers, added security features, and more; allowing organizations to focus on their core business functions. This new cloud landscape also adds complexity with more people having access to company data. Protecting this data becomes crucial to business as the cost of a data breach is greater than ever. In addition to the value of the data lost, company reputation, legal action, financial penalties, and jobs are at stake. Thinking outside the traditional security perimeter is necessary to protect information from the growing list of threats. Controlling the access to data allows companies to embrace cloud services and technologies.
In February of 2016, the Cloud Security Alliance released “The Treacherous Twelve: Cloud Computing Top Threats in 2016” which revealed the top concerns expressed by IT security professionals in cloud computing. Data Breaches, Account Hijacking, and Malicious Insiders all rated as top threats. The enabling of these attacks can occur because of a lack of scalable identity access management systems, failure to use multifactor authentication, insufficient password use, and a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates. As a result, these deficiencies can enable unauthorized access to data and potentially catastrophic damage to organizations and end users. It was not surprising to find that Insufficient Identity, Credential, and Access Management was listed as the top vulnerability in the report.
The goal of the Identity Solutions: Security Beyond the Perimeter survey was to address Insufficient Identity, Credential, and Access Management and gain a better understanding and perception of enterprise security in the evolving Information Technology (IT) world.
KEY FINDINGS INCLUDE:
• Of those who indicated their company reported a data breach, 22 percent of respondents were due to compromised credentials.
• Surprisingly, there were no significant differences in security solutions used between respondents who reported a breach and those who either did not report or did not know of a reported breach in their organizations.
• Companies embracing big data solutions also consistently adopted more perimeter and identity security solutions.
• 76 percent of internal access control policies extended to outsourced IT, vendors, and other third parties.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program