Cloud Security Improving: Results of the 2019 SANS State of Cloud Security Survey

Bethesda, Md. – The state of cloud security is improving, albeit slowly, according to results of the 2019 SANS State of Cloud Security survey to be released by SANS Institute on May 1, 2019.

“Organizations are continually evolving in their use of cloud services, looking to the cloud for procurement, management and other functions,” says Dave Shackleford, SANS senior instructor and analyst. “Along with that movement, organizations are placing more and more sensitive data in the cloud and facing a variety of security concerns.”

More respondents’ organizations experienced unauthorized access to cloud environments or cloud assets by outsiders: 31% in 2019 compared with just 19% in 2017. And concern about that access has remained high, with 56% of 2019 respondents listing it as a concern. The concern for data breaches by cloud provider personnel dropped from 53% in 2017 to 44% this year, which may indicate some growth in trust in the providers. Other major concerns included inability to respond to incidents (52%), lack of visibility into what data is being processed and where (51%) and unauthorized access to data from other cloud tenants (50%).

It does not appear that these concerns have translated into an increase in breaches. In 2019, 72% of respondents said they weren’t aware of an actual breach, compared with 59% in 2017. This is good news, assuming that lack of awareness isn’t an issue. While 7% just aren’t sure at all (compared with 21% in 2017), 11% said they did experience a breach, and another 11% think they’ve had one but can’t prove it. The percentage of those who have (or believe they have) experienced a breach is roughly the same as it was in 2017.

“Cloud providers are becoming more open and accommodating of security data and controls,” continues Shackleford. “And more vendor solutions are able to bridge the gap between implementations on-premises and in the cloud, providing slow but sure improvement in cloud security.”

Full results will be shared during a May 1, 2019, webcast at 1 PM Eastern, sponsored by ExtraHop and Sysdig, and hosted by SANS, in conjunction with the Cloud Security Alliance. Register to attend the webcast at

Register for the BONUS webcast on May 7, 2019, at 1 PM Eastern, where survey author Dave Shackleford, Jim Reavis (Cloud Security Alliance) and representatives from ExtraHop and Sysdig will talk in more depth about key issues that arose in the survey.

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and cloud security expert, Dave Shackleford.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.