Singapore firms rely too much on cloud vendors for security

Firms increasingly move critical applications, regulated customer data and development work into public cloud environments, according to a new survey from CyberArk.

Result show that in Singapore, 44% of respondents say the number one benefit for moving workloads to the cloud is to offload security risk. This is happening although many public cloud providers provide straightforward guidance on their shared responsibility models for security and compliance in cloud environments.

“As organisations in Singapore increasingly use public cloud services to enhance business competitiveness and growth, it is critical that they understand and plan to protect the high-value credentials that allow access to cloud-based data and assets, just as they do in on-premises environments” said Vincent Goh, SVP for Asia Pacific and Japan at CyberArk.

“Our survey found a lack of clarity about where security accountability stops and starts — securing the public cloud should be a shared responsibility between public cloud providers and client organisations,” Goh said.

CyberArk suggests that as organisations use the cloud to accelerate digital transformation, there must be greater awareness of where potential security risks exist.

Three in every five (60%) of Singapore respondents migrate business-critical applications into the public cloud, and 41% store customer data subject to regulatory oversight in the public cloud.

Also, 48% use the public cloud for internal development, including DevOps, and 77% rely on the cloud provider’s built-in security, eve if close to seven in 10 (68%) of this number recognise that cloud providers’ built-in security is not sufficient.

According to the survey, the greatest security concerns in public cloud usage are insiders, partners and contractors with privileged access (61%); unauthorised access to cloud management consoles (61%); and shared credentials across compute, storage or application instances (50%).

The problem becomes critical when unsecured and unmanaged credentials provide privileged access, which can enable attackers to escalate privileges and gain elevated access within cloud infrastructure.

The survey said that more than half (52%) of the organisations are unaware that credentials, secrets and privileged accounts exist in IaaS and PaaS environments. 

Only 58% of organisations currently have a privileged access security strategy in place for cloud infrastructure and workloads.