We recently conducted a survey among 164 US-based IT and security professionals to learn more about cloud adoption and how people are currently securing their servers in the cloud. The result that stuck out the most was in response to the question below:
A whopping 20% of respondents revealed that they do not secure their cloud servers at all – unsettling, of course, but less so than the fact that an even higher proportion of respondents (31.2%) reported that they rely on their cloud infrastructure/provider to protect their servers.
This highlights a critical misunderstanding in the shared responsibility model of using cloud infrastructure: your public cloud provider is not securing your cloud VMs. As we have blogged before, it is your responsibility to lock down your cloud server’s firewall, manage server configuration, update software, and manage server access.
The rest of the raw data is here below: