Six Insights from the 2021 SANS Cloud Security Survey

2021’s SANS Cloud Security Survey has been released and is an important read for security stakeholders within an organization. It is also worth tuning into the recording of the panel discussion that presented and analyzed the findings, if you missed it live. In the panel discussion, Dave Shackleford, SANS analyst and CEO of Voodoo Security, and David Greene, Chief Revenue Officer, Fortanix, discuss the findings and share some security best practices. This blog highlights some of the findings of the survey and analysis from the panel discussion.

The goal of the SANS 2021 Cloud Security Survey is to provide insight into how organizations are using cloud today and how security is being handled by organizations. As more and more organizations shift their IT strategies to cloud-based infrastructure, security teams are also evolving to adopt new cloud security services that offer more effective controls and capabilities. This SANS survey explored the types of services organizations are using, what types of controls and tools provide the most value, and how effective cloud security brokering is for a range of use cases.

Finding 1: Go ahead and put your data in the cloud, but it’s up to you to keep it secure

The survey showed an increasing amount of sensitive data in the cloud, suggesting that many companies are implicitly trusting their cloud providers.

The question is: should they be implicitly trusting cloud providers when they move data to the cloud?

Read the whitepaper ‘CISO Guide: The digital transformation of data security’ to understand some of the data security measures that can be taken to safeguard sensitive data and how Fortanix can help.

Finding 2: If you think data security is expensive, look at the cost of data breaches.

The SANS survey asked whether privacy regulations such as the General Data Protection Regulation (GDPR) were impacting existing or planned cloud strategies, and these were the results:

How is that changing how customers approach data security?

The ebook ‘Data privacy in public cloud’ highlights some of the data privacy controls that can be implemented for public cloud and how Fortanix can help.

Finding 3: Cloud security controls are still focused on the perimeter, not the data

Why doesn’t encryption appear in the survey as a cloud control used to protect sensitive data?

Finding 4: You can still use Cloud Provider APIs and keep control of your data

According to the survey, almost half of the respondents are using cloud vendor APIs for security operations.

How should this work when using multiple cloud platforms?

Increased adoption of multicloud has fragmented data across different public clouds. And that makes securing data in this multicloud world more complex. To guarantee universal protection of cloud data, security and cloud teams need to get control and visibility of all data from a single pane of glass. This unified approach ensures absolute control over data across clouds by allowing organizations to store and manage all the cryptographic keys and secrets in one place and separate the data from the keys that it protects.

Here’s a webinar that discusses data security across multicloud environments.

Finding 5: Current solutions make it difficult to integrate between in-house environments and public cloud, but new solutions make it easier.

The survey points out that many customers are going to have some combination of on-premises and cloud applications, and when it came to security, encryption was low on the list. Quite simply, this is because it has been hard to use encryption to protect data in mixed environments.

Why is encryption low on the priority list, and what needs to be done?

Finding 6: Plan an API-driven automated security future

One of the key differences between cloud and on-prem environments is that cloud is significantly more automated.

How does this impact strategies for data security?

Headwinds to continued or expanded cloud usage?

And with increased adoption of cloud, the most pertinent question is: what should security and IT professionals do over the next 12 months?

Data that you need to keep secure is literally everywhere: it’s on public cloud platforms, in SaaS applications, your data warehouse, your storage infrastructure, back in your data center. The way to keep data protected everywhere is to encrypt it; encrypted data is as safe on your front lawn as it is in your data center.

Fortanix makes encryption at scale easy, centrally managed, and integrated right into your applications without having to be a cryptography expert. Key management, cloud data security, database encryption, and tokenization, all in one unified solution.

In this webcast, SANS analyst and survey author Dave Shackleford joins David Greene, Chief Revenue Officer, Fortanix, for a deep-dive discussion and analysis of the survey results. Tune in now!

Originally published at

Fortanix™ has created the world’s first runtime encryption solution. Enterprises get provable, portable, and preventive security for their applications!
