Managing firewall risks in the cloud
Posted on 03 November 2011.
67 percent of IT security respondents in a Ponemon Institute study, report that their organization is very vulnerable or vulnerable because cloud ports and firewalls are not adequately secured.

Furthermore, 54 percent of respondents said their organizations’ IT personnel are not knowledgeable or have no knowledge about the potential risk of open firewall ports in their cloud environments.

The research was conducted to determine the challenges organizations face when managing access and securing firewalls and ports in cloud environments. The study analyzed responses from 682 IT and IT security practitioners in the United States working in organizations that use hosted or cloud servers (dedicated or virtual private servers).

On average, respondents have more than 10 years of IT or IT security experience, and 40 percent come from organizations with 5,000 employees or more in globally dispersed locations.

“We believe this is the first study to look at the risk to cloud security because of unsecured ports and firewalls, and the results are very revealing,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “It is commonly accepted that organizations believe they struggle with security in the cloud, but this study gets to a root of the problem. For example, more than half of the respondents said it is very likely or likely that administrative cloud server ports left open for access expose the organization to increased hacker attacks and security exploits. Nineteen percent say these exploits have already happened.”

Additional key findings of the study include:
  • 52 percent of respondents rate their organizations’ overall management of cloud server security as fair (27 percent) and poor (25 percent); 21 percent responded “no comment”.
  • 42 percent of respondents fear they would not know if their organizations’ applications or data was compromised by a security exploit or data breach involving an open port on a cloud server.
  • 79 percent of respondents believe that being able to efficiently manage security in the cloud is just as important as cloud security itself.
  • 73 percent of respondents believe the cloud server firewall is the first place to stop attacks and prevent exploits.
  • 72 percent of respondents said automation is important to cloud firewall policy management.
  • 36 percent of respondents report that their organizations cannot manage access or generate reports efficiently; and 29 percent say they manage access through the cloud provider’s tools but cannot see the access reports.
  • 78 percent of respondents say the most important feature to cloud server security is the ability to close ports automatically, so they don’t have to manually reconfigure their firewall.
The complete study is available here (registration required).


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Dec 19th