As adoption of cloud infrastructure increases, customers are becoming over-reliant on cloud vendors to provide security solutions and services.
That's the view of CyberArk, citing new findings which found that 77 per cent of Singapore-based businesses rely primarily on cloud providers to protect workloads.
As organisations increasingly move critical applications, regulated customer data and development work into public cloud environments, 44 per cent of Singaporean businesses believe the number one benefit for moving workloads to the cloud is to offload security risk.
This is despite many public cloud providers providing guidance on their shared responsibility models for security and compliance in cloud environments.
“As organisations in Singapore increasingly use public cloud services to enhance business competitiveness and growth, it is critical that they understand and plan to protect the high value credentials that allow access to cloud-based data and assets, just as they do in on-premises environments,” said Vincent Goh, senior vice president of APJ at CyberArk.
"Our survey found a lack of clarity about where security accountability stops and starts - securing the public cloud should be a shared responsibility between public cloud providers and client organisations."
Furthermore, as customers utilise the cloud to accelerate digital transformation, Goh said there must be greater awareness of where potential security risks exist.
The study found that 60 per cent of Singapore customers migrate business critical applications, such as enterprise resource planning (ERP), customer relationship management (CRM) or financial management, into the public cloud.
In addition, 41 per cent of businesses were found to store customer data subject to regulatory oversight in the public cloud, while 48 per cent use the public cloud for internal development, including DevOps.
And despite 77 per cent of organisations relying on the cloud provider’s built-in security, 68 per cent of this number recognise that the cloud providers’ built-in security is not sufficient.
According to findings, the top three security concerns in public cloud usage include insiders, partners and contractors with privileged access (61 per cent); unauthorised access to cloud management consoles (61 per cent), shared credentials across compute, storage or application instances (50 per cent).
However, the problem becomes critical when unsecured and unmanaged credentials provide privileged access, which can enable attackers to escalate privileges and gain elevated access within the cloud infrastructure.
The survey also found that more than half of the organisations (52 per cent) are unaware that credentials, secrets and privileged accounts exist in infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) environments, while only 58 per cent currently have a privileged access security strategy in place for cloud infrastructure and workloads.