Ermetic Reports Nearly 100% of Companies Experienced a Cloud Data Breach in Past 18 Months

Ermetic, the cloud infrastructure security company, today announced the results of a research study conducted by global market intelligence firm IDC which found that 98% of the companies surveyed had experienced at least one cloud data breach in the past 18 months compared to 79% last year. Meanwhile, 67% reported three or more such breaches, and 63% said they had sensitive data exposed.

According to the 200 CISOs and other security decision makers who participated in the survey, nearly 60% consider lack of visibility as well as inadequate identity and access management a major threat to their cloud infrastructure. They cited access risk and infrastructure security among their top cloud security priorities for the next 18 months. Meanwhile, 85% of organizations said they plan to increase their security spending this year, with a significant portion being allocated to cloud infrastructure security.

A full copy of the report is available here.

“Even though nearly 70% of companies invest more than 25 hours a week on cloud identity management, the survey found that 83% had at least one access-related cloud data breach,” said Shai Morag, CEO of Ermetic. “In fact, almost 60% of organizations said they consider lack of visibility and inadequate IAM security a major threat to their cloud infrastructure.”

An effective cloud infrastructure security strategy must focus on identities, permissions and entitlements to truly protect against risk. While many companies are using commercial — and even free — cloud provider tools to address their cloud security needs, these typically lack granular visibility and analytic capabilities. As a result, they are unable to capture and unravel the privileges attached to human and machine identities, and lack the automation needed to remediate problems at scale and implement least privilege.

Survey Highlights

As part of the study commissioned by Ermetic, IDC surveyed 200 senior IT security decision makers in the US across the Banking & Insurance (13%), Healthcare (11%), Pharmaceuticals (12%), Manufacturing (11%), Retail (11%), Software Development (11%) and other (31%) sectors. Organizations ranged in size from 1,500 to more than 20,000 employees. Some of the report’s key findings include:

  • 98% of companies in the survey experienced a cloud data breach in the past 18 months, compared to 79% last year; while 67% reported three or more incidents
  • 63% of respondents said their organization had sensitive data exposed in the cloud, this number ballooned to 85% for companies with annual cloud infrastructure budgets of $50M or more
  • 83% of enterprises reported that at least one of their cloud breaches was related to access
  • Access risk and cloud infrastructure security rank among the top five security priorities for companies in the next 18 months
  • Nearly 70% of companies spend more than 25 hours per week managing IAM in cloud infrastructure
  • 71% of organizations use commercial security tools offered by cloud providers, and reported that these tools require a lot of time. Only 20% of organizations said they are very satisfied with their cloud security posture.
  • 92% of companies said they tried, are trying or will try to implement least privilege in the cloud in the next 12 months
  • 50% of large organizations reported they are struggling to implement least privilege. All cited their greatest barriers as too difficult and time consuming (29%), lack of personnel/expertise (29%) or multi-clouds (29%)

A visual representation of the survey findings is available here.

About Ermetic

Ermetic helps prevent breaches by reducing the attack surface of cloud infrastructure and enforcing least privilege at scale in the most complex environments. The Ermetic SaaS platform is an identity-first security solution that provides holistic, multi-cloud protection using advanced analytics to continuously analyze and remediate risks associated with permissions, configurations and behavior across the full cloud infrastructure stack. The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Glilot Capital Partners, Norwest Venture Partners and Target Global.