“Tenable Network Security surveyed “700 security practitioners across seven key industry verticals and nine countries” that produced “a single report card score that represents overall confidence levels of security practitioners that the world’s cyber defenses are meeting expectations.” The “2017 Global Cybersecurity Assurance Report Card” from Tenable with research partner CyberEdge Group included these comments about the Cloud Darkening:
Cloud software as a service (SaaS) and infrastructure as a service (IaaS) were two of the lowest scoring Risk Assessment areas in the 2016 report. SaaS and IaaS were combined with platform as a service (PaaS) for the 2017 survey and the new “cloud environments” component scored 60% (D-), a seven point drop compared to last year’s average for IaaS and SaaS.
The Report Card included these comments about Mobile Morass:
Identified alongside IaaS and SaaS in last year’s report as one of the biggest enterprise security weaknesses, Risk Assessment for mobile devices once again dropped eight points from 65% (D) to 57% (F).”
I’d like to say the survey is wrong, but let’s face it. We’ve seen multiple hacks against cloud service providers and platforms, and through mobile devices. Why would anyone have a ton of confidence in the security of any online system at this point?
The industry needs to do better.