2024 Cloud Security Report

2024 Cloud Security Report

This 2024 Cloud Security Report has been produced by Cybersecurity Insiders, the 700,000 member information security community, to explore how organizations are responding to the evolving security threats in the cloud.

2024 Cloud Security Report

Cloud Security Report

2024

22024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

With businesses increasingly reliant on cloud technologies, the security of cloud platforms has escalated

into a significant concern that highlights their potential and susceptibility. Traditional security measures

often fall short in addressing the dynamic and sophisticated nature of threats faced in cloud settings,

making it imperative to shift from a reactive to a preventative stance in security strategies.

This 2024 Cloud Security Report uncovers the pressing concerns and evolving priorities in cloud

security. By gathering insights from over 800 cloud and cybersecurity professionals, the survey explores

the current state of cloud security, the effectiveness of existing security measures, and the adoption of

advanced security solutions, providing a comprehensive view of the challenges and advancements in

this critical area.

Key Survey Findings Include:

• Escalating Security Incidents: Cloud security incidents are alarmingly on the rise, with 61% of

organizations reporting breaches within the last year, marking a significant increase from 24% the

year before. This trend underscores the escalating risk landscape in cloud environments.

• Evolving Breach Types: Data security breaches have emerged as the most common cloud

security incident, reported by 21% of organizations. This shift highlights the evolving nature of

threats and the critical need to safeguard sensitive data.

• Addressing Zero-Day Threats: Navigating zero-day threats remains a top concern, with

91% of respondents worried about their systems’ ability to handle such unknown risks. The

survey underscores the need for predictive and immediate defense mechanisms against these

sophisticated attacks.

• Shifting Security Focus: Despite the rise in incidents, only 21% of organizations prioritize

preventive measures aimed at halting attacks before they occur. This indicates a significant

prevention gap in current cloud security strategies.

• Accelerating CNAPP Adoption: The adoption of Cloud Native Application Protection Platforms

(CNAPP) is growing, with 25% of organizations having already implemented CNAPP solutions.

This trend reflects a strategic move towards integrating comprehensive security measures that

combine prevention, detection, and response capabilities.

We would like to extend our gratitude to Check Point Software Technologies Ltd. for their invaluable

contribution to this survey. Their expertise and support have been instrumental in shedding light on

the complexities and necessities of modern cloud security.

We hope that the insights derived from this survey will serve as a vital resource for organizations

working to enhance the security of your cloud environments.

Thank you,

Holger Schulze Founder, Cybersecurity Insiders

Introduction

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ https://protect.checkpoint.com/v2/___https://www.checkpoint.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjM2NGQ6OGZkZmI3YzViZGI0ZjcwOWQ3ZTZjOGYzNDhjOGY0MjYxNGFlYTAyMjhhMDk3NjRjZGM2NTlkNjIzMzdkM2U3MjpwOlQ

32024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

Understanding the frequency and nature of cloud security incidents is important for grasping the

vulnerabilities that persist in cloud environments.

An alarming 61% of organizations reported experiencing cloud security incidents over the past 12 months, a significant increase from 24% in the previous year. This sharp rise underscores the

risks associated with cloud environments and emphasizes the urgent need for enhanced security

frameworks that prioritize comprehensive visibility and proactive threat management.

Additionally, the fact that 23% of respondents were either unsure or unable to disclose details about these incidents suggests a concerning lack of visibility and control over cloud security, which could

exacerbate the risk of undetected breaches.

KEY INSIGHTS: To address these increased incidents and blind spots, organizations should adopt a prevention-

first approach, ensuring security measures are proactive rather than reactive. Leveraging

advanced, Artificial Intelligence (AI)-supported security solutions can aid in anticipating and

mitigating potential threats before they result in significant damage, aligning with an industry-

wide shift towards more preemptive security strategies.

Cloud Security Incidents on the Rise

YES NO

Not sure

23%

16%

61%

Has your organization experienced any security incidents related to public cloud usage in the last 12 months?

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

42024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

If your organization experienced any security incidents related to public cloud usage in the last 12 months, what type of incident occured?

Data security breaches

Misuse of cloud services

Configuration and management

Phishing and social media

Service disruption

API security issues

21% 7%

9%

10% 12%

17%

Additional responses include: Supply chain attacks 6% | Malware-related incidents 5% | User activitiy related 3% | Compliance violations 3%

Software vulnerabilities 3% | Other 4%

KEY INSIGHTS: Although Cloud Security Posture Management (CSPM) has become a common security

practice for many organizations, aimed at ensuring the implementation of appropriate policies

and controls to identify misconfigurations, the rising number of data breaches highlights the

necessity of prioritizing the protection of cloud assets that contain sensitive data. Adding

security components like Data Security Posture Management (DSPM) offers security teams

added visibility as to where sensitive data lives, who has access to it, and how it is being used.

Tailoring cybersecurity strategies to the specific types of incidents encountered in cloud

environments is critical for effectively addressing prevalent threats, and this is particularly relevant

for 2024 and beyond.

In previous years, misconfigurations has been the leading enabler for security incidents and the focus

for most organizations. However, this year, we see that data security breaches have taken the number

one spot with 21%. Misuse of cloud services, noted by 17% of respondents, indicates significant exploitation of cloud resources for malicious purposes, and configuration and management errors,

reported by 12%, moves down a couple of places.

Most Common Cloud Security Incidents

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

52024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

How concerned are you with the volume of cloud security risks that require mitigation?

96% of organizations are concerned about the volume of cloud security risks

4%

57%

39% VERY CONCERNED

We need to chase them daily

MODERATELY CONCERNED

We are working hard to mitigate risks

NOT CONCERNED We mitigate risks easily and quickly

KEY INSIGHTS: Continuous cloud innovation and complexity has taken us to a place where cloud security

is managed and implemented by DevOps and developer teams. Over time, many CISO

organizations have ceded control over to DevOps, losing visibility and oversight.

It is time for a paradigm shift that transcends the traditional cycle of detection and remediation

so organizations can secure cloud environments without offloading security operations to

developers alone.

Understanding the degree of IT professionals’ concerns about cloud security risks helps in assessing

the efficacy of current security measures.

An overwhelming 96% of survey respondents are concerned about their capacity to manage these risks, with 39% being very concerned, highlighting the significant pressure on scarce resources and underscoring the need for more proactive security solutions.

Cloud Security Concerns

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

62024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

Which of the following barriers inhibit your organization from adequately defending against cyberthreats?

Lack of security awareness among employees

Rapid technological changes

Lack of skilled personnel

Poor integration and interoperability

Regulatory and compliance challenges

Inability to prioritize vulnerabilities

Overwelming data volume to analyze

41%

38%

37%

36%

35%

34%

33% Lack of collaboration/

organizational silos

Insufficient budget

31%

30% Additional responses include: Difficulty justiying additional investment 29% | Inadequate contextual information from security tools 28% | Supply

chain vulnerabilities 26% | Lack of management support 24% | Underinvestment in effective solutions 23% | Not sure/other 13%

KEY INSIGHTS: To overcome these barriers, organizations should consider advanced training and development

of existing staff to close the skills gap. In addition consulting services can also further assist

with integrating security solutions across their various tools and platforms and free up

constrained resources.

Knowing the key obstacles organizations face in defending against cyberthreats is necessary for

refining cybersecurity strategies and resource allocation. The most significant barrier, reported by

41% of respondents, is the lack of security awareness among current employees, emphasizing the need for comprehensive training programs that enhance security knowledge across all organizational

levels. Rapid technological changes and the lack of skilled personnel, noted by 38% and 37% respectively, underscore the difficulty in keeping pace with evolving threats and the technology

designed to combat them.

Additionally, 36% of participants identified poor integration and interoperability between security solutions as a major challenge, indicating that a cohesive security environment could significantly

enhance defensive capabilities.

Barriers to Effective Cyber Defense

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

72024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

Is your organization currently facing a shortage of cybersecurity talent?

NoYes 76% 24%

KEY INSIGHTS: Organizations can supplement these deficiencies and grow their team’s expertise by

investing in a Managed Cloud Native Application Protection Platform (CNAPP). This approach

helps offset shortages and fill knowledge gaps by providing seamless integration with an

organization’s IT and InfoSec operations for better monitoring, configurations, policy tuning,

incident management, troubleshooting, and more.

Additionally, integrating advanced security solutions that leverage AI and automation can

compensate for the shortage of human resources. These technologies can perform routine

security tasks and analyze large volumes of security data more efficiently than human teams,

allowing existing staff to focus on more strategic, high-impact security initiatives.

Digging deeper on employee resource constraints, we find that not only are organizations

struggling with keeping current cybersecurity skills sharpened, but the survey findings highlight the

challenge many organizations face in recruiting new cybersecurity expertise with a significant 76% of respondents reporting a shortage of skilled cybersecurity professionals.

This substantial figure underscores the widespread issue in the industry where the demand for

cybersecurity talent far exceeds the supply for years to come, potentially leaving critical security

functions understaffed and vulnerabilities unaddressed.

Cybersecurity Talent Shortage

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

82024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

How does AI adoption rank among your organization’s cybersecurity priorities?

Top priority

High priority

Medium priority

13%

41%

37%

9% Low/Not a priority

believe AI adoption is a priority for

their organization

91%

KEY INSIGHTS: Organizations should consider elevating AI’s role within their cybersecurity strategies,

particularly by leveraging AI-powered tools like proactive web application firewalls and

advanced network security systems. These AI-enhanced tools can dramatically improve

the detection and prevention of sophisticated cyber threats, especially zero-day attacks, by

continuously learning and adapting to new threats.

The integration of artificial intelligence (AI) into cybersecurity strategies is a telling indicator of how

organizations perceive the role of advanced technologies in enhancing their security posture.

A majority of respondents (91%) consider AI a priority, illustrating a significant lean towards adopting AI-driven solutions within their cybersecurity strategies. This substantial focus underscores the

growing reliance on AI to augment security measures, driven by AI’s capability to analyze large

data sets rapidly, detect anomalies, and predict potential threats with a level of precision and speed

unattainable by human analysts alone.

AI Priority in Cybersecurity

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

92024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

How concerned are you about unknown risks and zero-day attacks such as Log4j / Log4Shell?

36% 55%

9%

VERY CONCERNED We don’t believe that our security measures will be

able to handle these attacks

MODERATELY CONCERNED We have the right security measures in place

NOT CONCERNED We have strong security

capabilities in place that have prevented previous attacks

KEY INSIGHTS: A modern WAF, especially one that utilizes AI to provide immediate and predictive protections

without reliance on signatures, can serve as a critical first line of defense at the cloud’s ‘front

door’, blocking malicious attempts before they penetrate deeper into the network. Coupling

this with an advanced network security solution that offers deep packet inspection and real-

time threat detection across all access points can greatly reduce the vulnerability of cloud

environments to zero-day exploits.

These technologies, when integrated within a seamless security architecture, ensure a robust

defense mechanism that not only detects but also prevents attacks, maintaining the integrity

and resilience of cloud infrastructures against the most unpredictable threats.

Rapid technological advancements have increased cybercriminals’ capabilities to create more

sophisticated attacks.

Almost all respondents (91%) are concerned about their security systems’ ability to manage zero- day attacks and unknown risks, pointing to a significant gap in current security measures that do

not adequately prevent or mitigate these attacks before they cause harm.

Navigating Zero-Day Threats

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

102024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

What are your top cloud security priorities?

47% Threat detection and response

46% User education and awareness

43% End-to-end visibility and monitoring

42% Cloud governance and risk management

Data security and privacy 41%

Compliance and regulatory adherence 37%

Identity and access management 35%

Infrastructure and resource management 33%

Application security 32%

Cloud migration and integration 31%

Security automation and orchestration 29%

Disaster recovery and business continuity 26%

Prevention 21%

KEY INSIGHTS: This prevention gap highlights a critical and common oversight in current security efforts—

while threat detection and monitoring are essential, they often rely on recognizing known

vulnerabilities and patterns of malicious behavior. Such methods fall short against novel threats,

particularly zero-day attacks, which exploit previously unknown vulnerabilities, and therefore

cannot be detected using conventional security tools. A more balanced strategy incorporates

robust prevention mechanisms to strengthen overall security by reducing dependency on

after-the-fact mitigation once an attack has already taken place.

As organizations navigate the complexities of cloud security amidst rising security incidents and

data breaches, the survey reveals a concentrated focus on threat detection and response, with 47% of respondents emphasizing this as a priority. This approach reflects a traditional, reactive stance

that rests solely on identifying and mitigating threats as they occur.

Interestingly, despite the increasing sophistication of cyber threats, only 21% of organizations prioritize prevention strategies aimed at stopping attacks before they happen.

Evolving Priorities in Cloud Security

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

112024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

How many security alerts does your security team receive on an average day?

Fewer than 10 alerts 10-20 alerts

of security teams receive 10 or more alerts per day

21-40 alerts 41-50 alerts More than 50 alerts

19% 16% 17%

73% 24% 16%

Not sure 8%

KEY INSIGHTS: It is common for organizations to identify millions of potential issues upon scanning their

cloud environment— most are not harmful unless malicious actors can exploit them. To

combat this challenge, vendors have implemented ‘attack graphs’ to group and correlate

static misconfigurations and vulnerabilities to better prioritize alerts. However, prioritization

is not enough, as teams may still be ignoring alerts below the attention threshold. This false

sense of confidence can be detrimental. By focusing on preventing attacks before they occur,

organizations can significantly reduce the volume of alerts generated that would otherwise

be considered high risk. This shift not only frees up valuable resources but also enhances the

organization’s ability to thoroughly investigate and manage true risks that would otherwise

pose significant threats.

The survey confirms one of the biggest challenges faced by cybersecurity operations: an

overwhelming volume of daily security alerts. Notably, 40% of organizations receive over 40 alerts each day. This situation not only strains SOC analyst resources but also lengthens the time required

to resolve each alert, with 43% reporting resolution times exceeding five days. This deluge of alerts can exhaust teams and increase vulnerability due to delayed responses to potentially critical threats.

Slowness in Security Response

How long does it typically take your team to resolve a security issue?

take between 1 and 19 days to resolve a security issue

13% 67%

Less than 1 day

Varies widely

15%

7% 1-4 days

5-9 days

10-14 days

15-19 days

26%

20+ days 2%

16%

12%

Not sure 9%

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

122024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

The survey reveals significant fragmentation of the security platforms and tools organizations

deploy to manage their cloud infrastructures. Firewalls lead as the primary defensive measure (49%), reflecting their critical role in network security. However, only 37% have effectively implemented segmentation strategies. This oversight can be particularly detrimental, as insufficient segmentation

can allow attackers to exploit vulnerabilities, which allows them to gain access to broader parts of

the network, causing extensive damage.

The use of WAF by 35% of respondents, along with Cloud Security Posture Management (CSPM) at 26%, points to a layered approach to security that addresses both network defense and application- level vulnerabilities, and everything in between.

Navigating Cybersecurity Tool Fragmentation

What are your organization’s primary measures and controls to manage your entire cloud infrastructure?

Network security segmentation

Identity and Access Management (IAM)

Firewalls

Web Application Firewalls (WAF)

49%

40%

35%37%

28% 27%

26%

Threat intelligence and response

Cloud Native Application Protection Platform (CNAPP)

Cloud Infrastructure Entitlement Management (CIEM)

CI/CD pipeline & software supply chain security

Cloud Security Posture Management (CSPM) Zero Trust

architecture

34%

30%

29%

Additional responses include: Kubernetes Security Posture Management (KSPM) 26% | Cloud Workload Protection Platform (CWPP) 25% |

Content Disarm and Reconstruction (CDR) 12%

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

132024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

How many separate security solutions are required to configure the policies securing your enterprise's entire cloud footprint?

1-3 4-6 7-10 10+

Security solutions to configure policies

have to access 4 or more dashboards to configure their enterprise’s cloud policies

83%

17% 40% 31% 12%

While we are witnessing a noticeable rise in the comprehension and utilization of various cloud

security components, the increasing number of security solutions—highlighted by 43% employing seven or more tools to configure policies alone—indicates a complex and highly inefficient security

landscape.

Cloud Policy Sprawl

KEY INSIGHTS: Consolidating security measures into a highly integrated platform that can offer comprehensive

coverage without the need for multiple, disjointed tools is the way forward.

By streamlining broader capabilities like WAF, network segmentation, cloud detection and

response, and CNAPP under a single umbrella, companies can enhance their security efficacy

while simplifying the administrative burden.

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

142024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

What cloud integration challenges do you face?

Cloud governance, security, and compliance

Cloud architecture challenges in integration

Data governance in cloud integration

Network latency in hybrid cloud environments

49%

54%

45%

41%

40%

Integrating cloud services with legacy systems

Additional responses include: Deciding between custom and pre-built integrations 39% | Issues stemming from cloud integration anti-patterns 29%

Vendor lock-in concerns 27%

If the majority of security issues organizations face can be alleviated through a more streamlined

solution, why does the number of tools and policies continue to rise every year? The survey illuminates

the pains organizations face when trying to better integrate cloud security.

The complexity of maintaining consistent regulatory standards in hybrid or multi-cloud architectures

becomes apparent, as 54% of respondents grapple with ensuring compliance and cloud governance across diverse environments. Additionally, nearly half (49%) struggle with integrating cloud services into aging legacy systems, a task complicated by scarce IT resources which can hinder effective and

secure integration.

Cloud Integration Challenges

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

152024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

When we talk about integration challenges, it’s important to note that a majority of organizations

are also managing multiple cloud IaaS providers within their security landscape. The survey shows

that Microsoft Azure leads the market with 65% of surveyed organizations deploying their cloud services, followed by Amazon Web Services (AWS) (53%) and Google Cloud (47%).

Cloud Providers

KEY INSIGHTS: Cloud native solutions often lack uniformity across cloud services, including on-premises

data centers, leading to disparate policies and complicating security oversight. Look for a

network security solution that is tightly integrated with the WAN networking infrastructure of

various cloud security providers, enabling rules to be applied universally across different cloud

environments.

By incorporating WAF as a service with API schema discovery, organizations can further

streamline the process for on-premises deployments. Leading vendors provide this level of

advanced security within a CNAPP to ensure ease of integration and full coverage.

What cloud IaaS provider(s) do you currently use or plan to use in the future?

65%

53%

47%

29%

30%

24%

20%

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

162024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

What is your organization’s current stage of CNAPP (Cloud Native Application Protection Platform) adoption?

Not interested

Unfamiliar

Considering adoption

Partially implemented

16%

2%

28%

29%

25% Fully implementedand operational

A CNAPP should be the cornerstone of any cloud security strategy, as it unifies Cloud Security

Posture Management (CSPM), Cloud Workload Protection (CWP), Cloud Infrastructure Entitlement

Management (CIEM), Cloud Detection and Response (CDR), and code security, making it much

easier to automate processes and reduce manual inefficiencies.

The survey reveals a promising trend towards the adoption of CNAPP: 25% of organizations have already fully implemented a comprehensive CNAPP solution, indicating a strong commitment to

advanced cloud security practices. Another 29% are in the process of integrating CNAPP into their systems, showing that a majority of respondents recognize the benefits of such platforms.

Rapid CNAPP + Prevention Adoption

KEY INSIGHTS: Not all CNAPPs are created equal. Be sure that you invest in a platform that provides those

preventative components that can only be found by integrating WAF and network security.

Most solutions on the market overlook this important integration and, as a result, are creating

too many alerts and risk factors.

Enhancing CNAPP systems with additional components that emphasize prevention over

remediation can fortify cloud infrastructures.

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

172024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

Employ AI-Powered WAF for Zero-Day Protection: With 91% concerned about zero-day attacks, employing an AI-powered Web Application Firewall is critical. These WAFs intelligently counteract web threats, including zero-day exploits, without relying on signature-based detection, offering immediate protection that aligns with modern attack vectors.

Deploy Advanced Network Security: Consider advanced network security solutions that scale with your cloud infrastructure. This solution should support seamless integration and provide comprehensive protection, facilitating both macro and micro-segmentation and unified policy management across cloud platforms.

Adopt a Prevention-First Approach: With a significant focus on threat detection (47%), adopting a prevention-first CNAPP can shift the approach from reactive to proactive. This platform minimizes alerts and incorporates preventative measures, significantly reducing the volume of risks needing attention by scarce security analysts.

Leverage Comprehensive CNAPP Features: To manage the complexity highlighted by 43% using seven or more tools to configure policies, a sophisticated CNAPP with extensive features like Cloud Workload Protection, Cloud Detection and Response, Code Security, and Cloud Security Posture Management should be employed. These features help streamline security processes and enhance the management of cloud environments.

Incorporate AI Technologies: With 91% of organizations now prioritizing AI to enhance their security posture, the focus has shifted towards leveraging AI for proactive threat prevention and enhancing employee deficits.

Proactive Cloud Defense Strategies As cloud threats become increasingly frequent and sophisticated, it is vital for organizations to

shift from traditional reactive security measures to a prevention-first approach by leveraging the

following cloud security framework.

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ

182024 CLOUD SECURITY REPORT ©2024 Cybersecurity Insiders All Rights Reserved.

The 2024 Cloud Security Report is based on an in-depth survey of 813 cybersecurity professionals conducted in April 2024. This research provides insights and trends in cloud security management, highlighting the threats and pressing challenges organizations face while providing guidance for enhancing cloud security posture. Participants span various roles, from technical and business executives to hands-on IT security practitioners, representing a balanced mix of organizations of different sizes across various industries.

Methodology & Demographics

Financial Services Technology, Software & Internet Government Professional Services Telecommunications Education & Research Manufacturing Computer & Electronics Other

CAREER LEVEL

28% 24% 14% 10% 7% 6% 11%

41% 23% 12% 11% 4% 9%

1% 2% 6% 19% 24%16% 32%

Specialist Manager/Supervisor Director CTO, CIO, CISCO, CMO, CFO, COO Owner/CEO/President Consultant Other

DEPARTMENT

IT Operations IT Security DevOps Engineering Operations Other

20% 16% 12% 8% 6% 5% 5% 5% 23%

INDUSTRY

COMPANY SIZE

Fewer than 10 10-99 100-499 500-999 1,000-4,999 5,000–9,999 Over 10,000

Reuse of Content

We encourage the reuse of data, charts, and text published in this report under the terms of this Creative Commons Attribution 4.0 International License. You’re free to share and make commercial use of this work as long as you attribute the report as stipulated in the terms of the license. For example: “2024 Cloud Security Report by Cybersecurity Insiders”

https://protect.checkpoint.com/v2/___https://www.cybersecurity-insiders.com/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjBjZjY6Njg3Y2U2ZjY1OGVhNTUwOWU2OGZlZjNkZTVjNjg3N2FlN2RlNzI5ZWNhM2RlZjM0ZDg3NWI4MTJkZmFmZWJhNTpwOlQ https://protect.checkpoint.com/v2/___https://creativecommons.org/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OmM0YzE6MmIxNGI2Y2I0YTRiNDBmNWZiN2I0MjYwYWNkNzhlMzdhMjFhMzE1MTM5NDBhMzQ3ZThmMDE2ZTNmNmJmMmJlMjpwOlQ https://protect.checkpoint.com/v2/___https://creativecommons.org/___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OmM0YzE6MmIxNGI2Y2I0YTRiNDBmNWZiN2I0MjYwYWNkNzhlMzdhMjFhMzE1MTM5NDBhMzQ3ZThmMDE2ZTNmNmJmMmJlMjpwOlQ

Check Point Software Technologies Ltd. is a leading AI-powered, cloud-delivered

cyber security platform provider protecting over 100,000 organizations worldwide.

Check Point leverages the power of AI everywhere to enhance cyber security

efficiency and accuracy through its Infinity Platform, with industry-leading catch

rates enabling proactive threat anticipation and smarter, faster response times.

The comprehensive platform includes cloud-delivered technologies consisting of

Check Point Harmony to secure the workspace, Check Point CloudGuard to secure

the cloud, Check Point Quantum to secure the network, and Check Point Infinity

Core Services for collaborative security operations and services.

www.checkpoint.com

https://protect.checkpoint.com/v2/___http://www.checkpoint.com___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OjdjOTI6YjU2OTVhNTkzN2JlY2M1MTg1ZTA3MGI0Y2U0NTZiNjVhZDE3M2Q5ZTlkZTdmMzg3NzA3ZTY1YzJjODM0MzVlNTpwOlQ

©2024 Cybersecurity Insiders. All Rights Reserved.

Email us at info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

Cybersecurity Insiders brings together 600,000+ IT security professionals

and world-class technology vendors to facilitate smart problem-solving and

collaboration in tackling today’s most critical cybersecurity challenges.

Our approach focuses on creating and curating unique content that educates

and informs cybersecurity professionals about the latest cybersecurity

trends, solutions, and best practices. From comprehensive research studies

and unbiased product reviews to practical e-guides, engaging webinars, and

educational articles - we are committed to providing resources that provide

evidence-based answers to today’s complex cybersecurity challenges.

Contact us today to learn how Cybersecurity Insiders can help you stand out in

a crowded market and boost demand, brand visibility, and thought leadership

presence.

mailto:info%40cybersecurity-insiders.com?subject= https://protect.checkpoint.com/v2/___http://cybersecurity-insiders.com___.YzJlOmNwYWxsOmM6bzplNDFiZWQ2OGY4ZmFjOWViZWYwYjA5YmZkNzVjYzU3Mzo2OmJjMDE6ZDhjZTY5NjNkOTkyY2M4ZDg2MDRlMThhY2NmOGI4OTVjMGEwM2YxYmMxOGIwODU3NjgyMmU1YTEzNmJjZjEyZTpwOlQ


Item Type: pdf