According to analysts, more than half of key IT spending is now in the cloud. There is no doubt that it is now a mainstream technology; gone are the days when cloud was just for “test and dev”.
Changing attitudes to security and data protection are one reason for that growth. The cloud is no longer viewed as a security risk. In fact, cloud providers make much of their security and business continuity.
But there is growing evidence that cyber attackers are targeting the cloud, both to disrupt organisations and to corrupt or exfiltrate data.
And cloud users are not helping matters.
All too often, users failed to deploy cloud providers’ security measures. In others, they misconfigured cloud resources. Cloud users are skipping even simple steps, such as encrypting data.
And bad actors can exploit those gaps, possibly within just minutes of finding them
Research by vendor Qualys, for their Totalcloud Security Insights report, found that in some cases, close to two thirds of cloud instances were misconfigured. And organisations had failed to patch half of their internet facing assets.
In this episode, we discuss the findings with Paul Baird, Qualys’ EMEA CTSO. And we look at what CIOs and CISOs can do to reduce risk.