2020

CLOUD
SECURITY
REPORT

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 1
 INTRODUCTION
As organizations migrate more workloads from on-premises and datacenters to the cloud, security
concerns remain high as the adoption of public cloud computing continues to surge in the wake of the
2020 COVID crisis and the resulting accelerated shift to remote work environments.

Key survey findings include:

• Security remains a key issue for cloud customers, despite continued rapid adoption of cloud computing.
75% of cybersecurity professionals confirm they are very concerned about public cloud security, a small
increase from last year’s cloud security survey.

• When asked about what are the biggest security threats facing public clouds, organizations ranked
misconfiguration of the cloud platform (68%) highest, up from the third spot on last year’s survey. This is
followed by unauthorized access (58%), insecure interfaces (52%), and hijacking of accounts (50%).

• Among the key barriers to cloud adoption, organizations mention a lack of qualified staff (37%) as the
biggest impediment to faster adoption – up from the fifth spot on last year’s survey.

• When selecting a cloud security provider, most organizations look at cost-effectiveness (63%), ease of
deployment (53%), and that the security tools are cloud-native (52%) as their key priorities.

• When asked what criteria organizations consider most important when evaluating a cloud security solution
they prioritize product features (66%), cost (65%), and vendor experience (55%) as the most important
considerations.

• Organizations rely on multi-cloud solutions with most organizations deploying more than three cloud
solutions in their environment.

This 2020 Cloud Security Report has been produced by Cybersecurity Insiders to explore how
organizations are responding to the evolving security threats in the cloud and the continued
shortfall of qualified security staff.

Many thanks to Check Point Software Technologies for supporting this important research project. We
hope you find this report informative and helpful as you continue your efforts in securing your cloud
environments.

Thank you,

Holger Schulze

Holger Schulze
CEO and Founder
Cybersecurity Insiders

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 2
SECURITY IN PUBLIC CLOUDS
Security remains a key issue for cloud customers, despite continued rapid adoption of cloud computing.
Seventy-five percent of cybersecurity professionals confirm they are at least very concerned about public
cloud security, a small increase from last year’s cloud security survey.

How concerned are you about the security of public clouds?

75%
Of organizations are very
to extremely concerned
about cloud security.

42%
19%
33%
5%
1%
Not at all concerned Extremely concerned

Not at all concerned Slightly concerned Moderately concerned Very concerned Extremely concerned

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 3
CLOUD SECURITY CONCERNS
Cloud providers offer increasingly robust security measures as part of cloud services, but customers
are ultimately responsible for securing their workloads in the cloud. The top cloud security challenges
highlighted in our survey are about data loss/leakage (69% - up five percentage points since last year)
and data privacy/confidentiality (66% - up four percentage points). This is followed by concerns about
accidental exposure of credentials and incident response (tied at 44%).

What are your biggest cloud security concerns?

69%
Data loss/leakage
66%
Data privacy/
confidentiality

44% 44% 42% 37%

Accidental Incident Legal and Data sovereignty/

exposure response regulatory residency/control
of credentials compliance

Visibility & transparency 30% | Availability of services, systems and data 28% | Lack of forensic data 27% | Business continuity 26%
Liability 24% | Fraud (e.g., theft of SSN records) 24% | Disaster recovery 23% | Having to adopt new security tools 21% |
Performance 19% | Not sure/other 8%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 4
BIGGEST CLOUD SECURITY THREATS
When asked about what are the biggest security threats facing public clouds, organizations ranked
misconfiguration of the cloud platform (68%) highest, up from the third spot on last year’s survey.
This is followed by unauthorized access (58%), insecure interfaces (52%), and hijacking of accounts (50%).

What do you see as the biggest security threats in public clouds?

68%
Misconfiguration of
58% 52%
Unauthorized Insecure interfaces/
the cloud platform/ access APIs
wrong setup

50% 43% 36% 33% 28%

Hijacking of External Malicious Foreign Denial of

accounts, sharing insiders state-sponsored service
services or of data cyber attacks attacks
traffic

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 5
TRADITIONAL TOOLS IN THE CLOUD
As workloads continue to move to the cloud, organizations are faced with unique security challenges
presented by cloud computing. Most legacy security tools are not designed for the dynamic,
distributed, virtual environments of the cloud. Eighty-two percent of respondents say traditional
security solutions either don’t work at all in cloud environments or have only limited functionality.

How well do your traditional network security tools/appliances work in cloud

environments?

82%
Claim traditional security
solutions either don’t
work at all or have
limited functionality.

65%
Limited
functionality

18%
All capabilities
work in the cloud

17%
Our traditional network security
tools don’t work in the cloud

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 6
DRIVERS OF CLOUD-BASED
SECURITY SOLUTIONS
Organizations recognize several advantages of deploying cloud-based security solutions, including
faster time to deployment and cost savings (both tied at 41%). This is followed by reduced efforts
around patches and software updates (40%).

What are the main drivers for considering cloud-based security solutions?

41%
Faster time
41%
Cost savings
40%
Reduced efforts
to deployment around patches and
upgrades of software

35% 35% 34% 33%

Better visibility into Need for secure Our data/workloads Meet cloud
user activity and app access from reside in the cloud compliance
system behavior any location (or are moving expectations
to the cloud)

Better performance 30% | Easier policy management 26% | Reduction of appliance footprint in branch offices 21% | Other 5%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 7
BARRIERS TO CLOUD-BASED
SECURITY ADOPTION
Despite the significant advantages offered by cloud-based security solutions, barriers to adoption
still exist. Our survey reveals that the biggest challenge organizations are facing is not technology,
but people and processes. Staff expertise and training (55%) continues to rank as the highest barrier
to faster adoption, followed by budget challenges (46%), data privacy concerns (37%), and lack of
integration with on-premises platforms (36%).

What are the main barriers to migrating to cloud-based security solutions?

55% 46%
Staff expertise/ Budget
37%
Data privacy
training

36% 30% 29% 25%

Lack of integration Solution Regulatory Data

with on-premises maturity compliance residency
security technologies requirements

Sunk cost into on-premises tools 24% | Integrity of cloud security platform (DoS attack, breach) 17% | Limited control over
encryption keys 15% | Scalability and performance 12% | Not sure/other 10%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 8
CLOUD MIGRATION SECURITY NEEDS
Training and certifying IT staff (61%) continues to rank as the primary tactic organizations deploy to
assure their evolving security needs are met. Fifty-eight percent of respondents rely on their cloud
provider’s native security tools, and 34% are looking to hire more staff dedicated to cloud security.

When moving to the cloud, how do you handle your changing security needs?

61%
Train and/or certify
58%
Use native cloud
existing IT staff provider security tools*

34% 30% 29%

Hire staff dedicated Deploy security software Partner with a Managed

to cloud security from independent Security Services
software vendors Provider (MSSP)

Other 5%
*(e.g., Azure Security Center, AWS Security Hub, Google Cloud Command Center)

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 9
CLOUD PROVIDER CRITERIA
When selecting a cloud security provider, most organizations look at cost-effectiveness (63%),
ease of deployment (53%), and that the security tools are cloud-native (52%) as their key priorities.
A notable trend year-over-year is the increase in the importance of automation. In 2019, 37% of
organizations wanted a provider with automation tools versus this year 52% of organizations seek
these capabilities.

What do you look for in your cloud security provider?

63% Cost
effectiveness

53%
Ease of
52%
Security tools are
52%
Deploytools with
deployment cloud native automation

48% 44% 44% 42%

Interoperable with Policy Integrates seamlessly Multi-cloud

on-premises solutions customization with cloud platforms support

Demonstrates cloud knowledge 39% | Extends on-premises policies to the cloud 38% | Other 4%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 10
CLOUD PROVIDER PREFERENCES
We asked organizations what IaaS cloud providers they are currently using, and not surprisingly,
the results mostly reflect the overall rankings of cloud market share among the three biggest cloud
service providers. Amazon web services (AWS) lead the list, followed by Microsoft Azure, and Google
Cloud Platform. Interesting to point out is the growth of Azure (65% in 2019 vs. 69% in 2020). Also
interesting to point out was usage for Google (48% in 2019 versus 37% in 2020,) and Oracle (28%
in 2019 vs 17% in 2020).

What cloud IaaS provider(s) do you currently use or plan to use in the future?

74%

69%

37%

17%

12%

9%

3%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 11
SECURITY RISK IN THE CLOUD
Organizations in our survey consider the risk of security breaches in public cloud environments
higher (52%) than in traditional, on-premises IT environments. Only 17% see lower risks, and 30%
believe the risks are about the same between the two computing models.

Compared to traditional, on-prem IT environments, would you say the risk of security
breaches in a public cloud environment is …

52%
Consider the risk of security breaches
in public cloud environments higher
than in traditional, on-premises
IT environments.

38%
30%

13% 14%
4%
Significantly Somewhat About Somewhat Significantly
lower lower the same higher higher

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 12
CLOUD SECURITY CAPABILITIES
Among the hundreds of security controls and technologies to protect cloud infrastructure and
workloads, the most widely deployed cloud security capabilities include access control (69%) and
antivirus/anti-malware (53%), followed by multifactor authentication (49%).

What security capabilities have you deployed in the cloud?

69%
Access control
53%
Anti-virus/anti-malware/
49%
Multi-factor
Advanced Threat authentication
Protection (ATP)

46% 46% 43% 42%

Data encryption Cloud data Firewalls/ Application

backup NAC protection
(e.g., WAF,
scanners, etc.)

Single sign-on/user 40% | Network encryption (VPN, packet encryption, transport encryption) 37% | Enpoint security 36% |
Other 4%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 13
COMPLIANCE CONTINUITY
An overwhelming majority of 90% considers it very important or extremely important to ensure
continuous compliance when migrating secure workloads from on-prem to cloud environments.

If you secure your workloads (VMs, containers, and serverless instances) on-prem, how
important is continuous compliance when they migrate to the cloud?

33% 57%

1%
8%
1%
Not at all important Extremely important

Not at all important Not so important Somewhat important Very important Extremely important

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 14
DEPLOYING CLOUD SECURITY
A majority of 59% says it is likely to very likely that they will deploy a new cloud security solution
within the next 12 months.

How likely is your organization to deploy a new cloud security solution within the next
12 months?

26%Very likely
33%
Likely

6%
Very unlikely

10%
25%
Unlikely

Neither likely
nor unlikely

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 15
CLOUD SECURITY
SOLUTION CRITERIA
When asked what criteria organizations consider most important when evaluating a cloud security
solution they prioritize product features (66%), cost (65%), and vendor experience (55%) as the most
important considerations.

What criteria do you consider most important when evaluating a cloud security solution?

66%
Product features/
65% Cost
functionality

55% 55% 54% 46%

Vendor experience Product Support Provider’s willingness

and reputation performance to adapt and address
our use case

Product ease of use 44% | Contract/term 27% | Customer reviews 13% | Other 5%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 16
CLOUD SECURITY BUDGET
Nearly 60% of organizations expect their cloud security budget to increase over the next twelve
months. On average, organizations allocate 27% of their security budget to cloud security.

How is your cloud security budget changing in the next 12 months?

59% Budget will

increase 27%
Allocated to
cloud security

34%
Budget
will stay flat

7% Budget
will decline

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 17
CLOUD SOLUTION CRITERIA
We asked what criteria organizations prioritize when deciding between cloud security solutions
offered by independent third-party providers and the cloud-native security solutions offered by the
cloud platform. The most mentioned factor is cost of the security solution (61%). This is followed by
ease of use (55%), solution complexity (53%), and performance (49%).

What criteria are most important to you when deciding between cloud native vs
independent cloud security solutions?

61% 55%
Cost Ease of use
53%
Less complexity and
well integrated

49% 29% 24% 24%

Performance Quicker Cloud vendor security No need to

deployments is good enough, manage another
why would I need vendor
anything else?

Other 4%

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 18
 9%
CLOUD SOLUTION CRITERIA
3%
A majority of organizations deploys up to two public cloud environments (52%).

How many cloud providers does your organization currently use?

68% Deploys up to two

public cloud environments

22% 30% 10% 28% 10%

One Two Three More than 3 None

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 19
 METHODOLOGY & DEMOGRAPHICS
The 2020 Cloud Security Report is based on a comprehensive survey of 653 cybersecurity professionals
conducted in July 2020 to uncover how cloud user organizations are responding to security threats in
the cloud, and what training, certifications and best practices IT cybersecurity leaders are prioritizing in
their move to the cloud. The respondents range from technical executives to IT security practitioners,
representing a balanced cross-section of organizations of varying sizes across multiple industries.

C AR EER LE VEL

23% 20% 14% 12% 8% 4% 19%

Manager/Supervisor Specialist Consultant Director CTO, CIO, CISO, CMO, CFO, COO Owner/CEO/President Other

D EPARTM ENT

50% 14% 8% 8% 3% 3% 3% 11%

IT Security IT Operations Engineering Compliance Operations DevOps SecOps Other

CO M PAN Y S IZE

8% 5% 12% 8% 17% 9% 41%

Fewer than 10 10-99 100-499 500-999 1,000-4,999 5,000-10,000 Over 10,000

I N D USTRY
25% 16% 13% 9% 9% 6% 4% 4% 4% 10%

Government Technology, Software & Internet Financial Services Professional Services Healthcare, Pharmaceuticals, & Biotech
Manufacturing Education & Research Energy & Utilities Telecommunications Other

C LO U D PROVI D ERS C U R R ENTLY US ED

22% 30% 10% 28% 10%

One Two Three More than 3 None

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 20
 Check Point Software Technologies Ltd. is a leading provider of cyber security
solutions to governments and corporate enterprises globally. Its solutions protect
customers from cyber-attacks with an industry leading catch rate of malware,
ransomware and other types of attacks. Check Point offers a multilevel security
architecture that defends enterprises’ cloud, network and mobile device held
information, plus the most comprehensive and intuitive one point of control security
management system. Check Point protects over 100,000 organizations of all sizes.

Process efficiencies and increased network agility are driving SaaS, PaaS and IaaS
technology adoption at a rapid pace. This new infrastructure is also presenting
businesses with a unique set of security challenges. Check Point CloudGuard
provides unified cloud native security for all your assets and workloads, giving
you the confidence to automate security, prevent threats, and manage posture
– everywhere – across your multi-cloud.

www.checkpoint.com

2020 CLOUD SECURITY REPORT All Rights Reserved. Copyright 2020 Cybersecurity Insiders. 21