Latest news with #DarkReading


Channel Post MEA
09-04-2025
- Business
- Channel Post MEA
1 In 5 Security Professionals Struggle Applying Security Updates
New research commissioned by Qualys and conducted by Dark Reading shines new light on the various ways information security professionals are coping — or struggling — with the difficulties and nuances of safeguarding cloud and SaaS assets, including measuring, communicating, and eliminating cyber risk in the cloud.

Key findings from the research include:

- Cloud adoption is ubiquitous and complex: Most organisations polled (57%) use two to three cloud service providers, and 58% have at least five corporatewide SaaS applications deployed. To secure this complex environment, the majority (60%) must manage and reconcile outputs from two or more separate cloud and SaaS security tools — a task they find challenging and suboptimal.
- Sleepless nights: Professional defenders singled out cost (54%), system reliability and performance (36%), and limited cloud-specific security staff skills (27%) as the cloud and SaaS issues that concerned them the most.
- Attacks are relentless: Moving data and applications to the cloud and adopting SaaS come with a whole set of risks. Enterprises are worried about threats such as account hijacking, phishing, ransomware and malware, data exfiltration, advanced persistent threats, and distributed denial-of-service attacks.
- Config chaos: One place just about all parties find common ground when assessing cloud and SaaS risk is in the thorny issue of misconfigurations, one of the top concerns for both cloud (24%) and SaaS (33%). The level of concern, however, appears to fall well short of the scope of the actual misconfiguration problem in the wild.
- Situational blindness: Few enterprises engage in ongoing or continuous assessment of their cloud and SaaS environments. The rest do security assessments at intervals that range largely from once a quarter (18% for cloud, 11% for SaaS) to once a year (25% cloud, 26% SaaS), and in some cases not at all.
- Difficulty patching: Enterprises are also concerned about adversaries exploiting unpatched vulnerabilities in web applications (39%) and cloud environments (23%). Almost 1 in 5 say they have difficulty applying security updates and patches, creating a situation where organisations are exposed to attack as a result of exploitable vulnerabilities.
- Sluggish response: Topping the list of IR concerns are a lack of skilled workers (49%), limited visibility into cloud and hosted environments (46%), and the inherent complexity of cloud-centric incidents (46%).

'The data shows in stark relief the real-world challenges defenders face when it comes to shoehorning traditional security practices and methods — things like managing configs and vulnerabilities, controlling access, and corralling siloed security tools — into the defences of dynamic multi-cloud and multi-SaaS environments', commented Shilpa Gite, Senior Manager, Cloud Security Compliance, Qualys. 'The research underscores the importance of a comprehensive, unified, strategic approach to cloud and SaaS security that brings together continuous scanning and vulnerability assessment, automated remediation efforts, AI-powered threat detection and response capabilities, and cross-platform risk prioritisation features'.

To enhance security posture, organisations should consider:

- Implementing continuous monitoring and assessment: Enterprises should move away from periodic assessments and adopt continuous security monitoring to identify and mitigate threats in real time. Continuous assessment helps in promptly detecting vulnerabilities that emerge due to constant updates and configuration changes in cloud and SaaS environments.
- Adopting a unified security platform: Using a single, integrated security platform to manage all aspects of security across on-premises, cloud, and SaaS environments is crucial. A unified platform provides comprehensive visibility, streamlined security operations, and consistent policy enforcement, hence reducing the risk of security gaps and inefficiencies wherever they occur.
- Enhancing identity and access management (IAM): Proper IAM practices are essential for securing access to sensitive data and systems, especially in cloud and hosted systems. Enterprises need robust IAM solutions that include multi-factor authentication, least privilege access, and regular access reviews to prevent unauthorised access and minimise insider threats.
- Leveraging automation for security processes: Automating security processes such as vulnerability scanning, patch management, configuration and change management, and incident response, significantly improves operational efficiency and reduces risk of human error. Automation especially empowers under-resourced security teams — that means most of them — to quickly address threats and maintain a mature, proactive security posture.
- Investing in advanced threat detection and response capabilities: To combat sophisticated threats such as advanced persistent threats (APTs), ransomware, and nextgen malware, enterprises should invest in AI-powered threat detection and response solutions. These advanced capabilities enable organisations to detect and respond to threats swiftly, minimising potential damage.


TECHx
09-04-2025
- Business
- TECHx
New Study Reveals Key Challenges in Cloud and SaaS Security
New research by Qualys, conducted by Dark Reading, highlights the growing challenges in cloud and SaaS security. The study reveals that security professionals are grappling with complexities in protecting cloud assets, managing risks, and navigating the intricacies of multi-cloud environments.

Cloud adoption is now widespread, with 57% of organizations using two to three cloud providers and 58% deploying at least five SaaS applications across the enterprise. However, this complexity brings significant challenges. 60% of professionals are managing outputs from multiple cloud and SaaS security tools, making the process inefficient and difficult to optimize.

Security teams are also facing several pain points. 54% of respondents cited cost as a major concern, followed by 36% worried about system reliability and performance. Additionally, 27% pointed out the lack of skilled professionals in cloud security as a barrier. The growing threat landscape, including risks like phishing, ransomware, and DDoS attacks, only adds to the pressure.

One of the biggest risks identified is misconfigurations. 24% of cloud professionals and 33% of SaaS professionals flagged this as a top concern, but the actual scope of misconfigurations is believed to be much larger. Despite this, many organizations perform security assessments infrequently—with 18% doing so quarterly for cloud and 11% for SaaS.

The study also highlights the vulnerability patching issue. 39% of enterprises worry about unpatched vulnerabilities in web applications, and 23% are concerned about vulnerabilities in cloud environments. Additionally, almost 1 in 5 organizations face difficulties in applying necessary security updates.

Response times are also a challenge. 49% of respondents cited a shortage of skilled workers, 46% pointed to limited visibility, and another 46% highlighted the complexity of cloud-based incidents as the main reasons for sluggish responses.

According to Shilpa Gite, Senior Manager of Cloud Security Compliance at Qualys, the findings show the difficulties organizations face when applying traditional security methods to dynamic cloud and SaaS environments. She stressed the need for a comprehensive security approach that integrates continuous scanning, automated remediation, and AI-powered threat detection.

To improve cloud and SaaS security, experts recommend continuous monitoring to detect vulnerabilities in real time, using unified security platforms for better visibility and policy enforcement, and strengthening identity and access management (IAM) practices. Automation is also key to improving efficiency and minimizing human error. Investing in AI-driven threat detection will help organizations stay ahead of increasingly sophisticated attacks.


Tahawul Tech
09-04-2025
- Business
- Tahawul Tech
20% of security professionals struggle applying security updates in cloud environments
New research commissioned by Qualys and conducted by Dark Reading shines new light on the various ways information security professionals are coping — or struggling — with the difficulties and nuances of safeguarding cloud and SaaS assets, including measuring, communicating, and eliminating cyber risk in the cloud.

Key findings from the research include:

- Cloud adoption is ubiquitous and complex: Most organisations polled (57%) use two to three cloud service providers, and 58% have at least five corporatewide SaaS applications deployed. To secure this complex environment, the majority (60%) must manage and reconcile outputs from two or more separate cloud and SaaS security tools — a task they find challenging and suboptimal.
- Sleepless nights: Professional defenders singled out cost (54%), system reliability and performance (36%), and limited cloud-specific security staff skills (27%) as the cloud and SaaS issues that concerned them the most.
- Attacks are relentless: Moving data and applications to the cloud and adopting SaaS come with a whole set of risks. Enterprises are worried about threats such as account hijacking, phishing, ransomware and malware, data exfiltration, advanced persistent threats, and distributed denial-of-service attacks.
- Config chaos: One place just about all parties find common ground when assessing cloud and SaaS risk is in the thorny issue of misconfigurations, one of the top concerns for both cloud (24%) and SaaS (33%). The level of concern, however, appears to fall well short of the scope of the actual misconfiguration problem in the wild.
- Situational blindness: Few enterprises engage in ongoing or continuous assessment of their cloud and SaaS environments. The rest do security assessments at intervals that range largely from once a quarter (18% for cloud, 11% for SaaS) to once a year (25% cloud, 26% SaaS), and in some cases not at all.
- Difficulty patching: Enterprises are also concerned about adversaries exploiting unpatched vulnerabilities in web applications (39%) and cloud environments (23%). Almost 1 in 5 say they have difficulty applying security updates and patches, creating a situation where organisations are exposed to attack as a result of exploitable vulnerabilities.
- Sluggish response: Topping the list of IR concerns are a lack of skilled workers (49%), limited visibility into cloud and hosted environments (46%), and the inherent complexity of cloud-centric incidents (46%).

'The data shows in stark relief the real-world challenges defenders face when it comes to shoehorning traditional security practices and methods — things like managing configs and vulnerabilities, controlling access, and corralling siloed security tools — into the defences of dynamic multi-cloud and multi-SaaS environments', commented Shilpa Gite, Senior Manager, Cloud Security Compliance, Qualys. 'The research underscores the importance of a comprehensive, unified, strategic approach to cloud and SaaS security that brings together continuous scanning and vulnerability assessment, automated remediation efforts, AI-powered threat detection and response capabilities, and cross-platform risk prioritisation features'.

To enhance security posture, organisations should consider:

- Implementing continuous monitoring and assessment: Enterprises should move away from periodic assessments and adopt continuous security monitoring to identify and mitigate threats in real time. Continuous assessment helps in promptly detecting vulnerabilities that emerge due to constant updates and configuration changes in cloud and SaaS environments.
- Adopting a unified security platform: Using a single, integrated security platform to manage all aspects of security across on-premises, cloud, and SaaS environments is crucial. A unified platform provides comprehensive visibility, streamlined security operations, and consistent policy enforcement, hence reducing the risk of security gaps and inefficiencies wherever they occur.
- Enhancing identity and access management (IAM): Proper IAM practices are essential for securing access to sensitive data and systems, especially in cloud and hosted systems. Enterprises need robust IAM solutions that include multi-factor authentication, least privilege access, and regular access reviews to prevent unauthorised access and minimise insider threats.
- Leveraging automation for security processes: Automating security processes such as vulnerability scanning, patch management, configuration and change management, and incident response, significantly improves operational efficiency and reduces risk of human error. Automation especially empowers under-resourced security teams — that means most of them — to quickly address threats and maintain a mature, proactive security posture.
- Investing in advanced threat detection and response capabilities: To combat sophisticated threats such as advanced persistent threats (APTs), ransomware, and nextgen malware, enterprises should invest in AI-powered threat detection and response solutions. These advanced capabilities enable organisations to detect and respond to threats swiftly, minimising potential damage.

Download the full report to get the latest data, trends, and actionable takeaways that will help you secure your cloud stack with confidence.