Join us for the FREE Cyber Defense Forum | Live Online on October 9


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Enterprise Users Say That While Use of Cloud Services Is Increasing, They Lack Visibility to Secure Data

More Sensitive Data Than Ever Stored in the Cloud, But Access and Breaches Remain Biggest Concerns

  • Bethesda, MD
  • October 26, 2017

A new SANS survey finds that organizations are putting more sensitive customer-related data, particularly personally identifiable information (PII) and healthcare records in the cloud than ever. This and other data from the 2017 Cloud Security Survey will be released by SANS Institute in a two-part webcast on Tuesday, November 1 and Wednesday, November 2.

The survey of security practitioners finds that they continue to have major concerns about sensitive data. More than 60% worry about unauthorized access by outsiders, followed by insecure, unmanaged devices accessing sensitive info from the cloud, followed by breach of sensitive data by cloud personnel. This concern aligns with their implementation of top controls, in which more than 80% of respondents are utilizing VPN (to secure access), log management, and vulnerability management as their top three controls that work for cloud environments. Just under 80% are utilizing encryption, as well.

Respondents still believe they lack visibility, auditability and effective controls to actually monitor everything that goes on in their public clouds, with 55% indicating that they are hindered from performing adequate forensic and incident response activities by a lack of access to logs and underlying system and application details in cloud environments.

"The survey did find increased use of security controls within cloud provider environments and wider use of security-as-a-service (SecaaS) solutions to achieve in-house and external security and compliance requirements," says Dave Shackleford, SANS Analyst and author of the report. "But the acceptance of in-cloud controls and services continues to lag behind the pace of organizations moving assets into the cloud."

Full results will be shared during a two-part webcast on Tuesday, November 1 and Wednesday, November 2 at 1 PM Eastern time, sponsored by BMC, Forcepoint, McAfee, and Qualys, and hosted by SANS. Register to attend the webcasts at and

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and cloud security expert, Dave Shackleford.

Tweet This:

Cloud security in depth: 2017 SANS Survey Results | Nov. 1 | Nov. 2 -

60% worry about data security in the cloud. Learn more | Nov. 1 |

VPN, log management, vulnerability management ranked top 3 cloud security controls - Learn more | Nov. 2 |

Securing cloud implementations in today's threat landscape. Register today | and

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (