The study found that 99 percent of organizations that experienced cloud-related breaches identified identities and permissions as the main cause. Among the security risks to their cloud infrastructure, respondents ranked insecure human/service identities and risky permissions as the top issue (39 percent). Key challenges to securing identities and permissions included lack of visibility (53 percent) and fear among developers/DevOps that ‘security will break something’ (43 percent).

The study also revealed a shortage of cloud skills, with many organizations lacking expertise in cloud infrastructure security, which is contributing to cloud-related breaches. A significant 95 percent of organizations are affected by a lack of expertise in cloud infrastructure protection, and two-thirds of respondents believe this lack of expertise puts their organization at risk. Diane Benjuya, the senior product marketing manager at Tenable, expressed the inevitability of breaches in the cloud world and highlighted the importance of cloud security platforms in both identifying vulnerable points of entry and minimizing a hacker’s ability to cause harm once in.

Given these findings, Benjuya’s blog post questioned what cloud security professionals perceive as the greatest source of risk, whether it be workload vulnerabilities, ransomware attacks, or third party access.