Cloud Security Teams Suffer Burnout
Orca Security’s 2022 Cloud Security Alert Fatigue Report shows cloud security teams are suffering burnout, which could have serious ramifications for organizations. The company surveyed more than 800 IT professionals across five countries and 10 industries.
More than half of respondents use three or more cloud providers and 57% have five or more cloud security tools. This combination of multicloud adoption and disparate tooling is overwhelming security teams with a flood of inaccurate alerts. In fact, 59% of respondents receive more than 500 public cloud security alerts per day, and 38% receive more than 1,000 per day.
More than half of respondents spend more than 20% of their time deciding which alerts should be dealt with first. The overload of alerts, combined with widespread inaccuracy (43% say more than 40% of their alerts are false positives), is contributing not only to turnover but also to missed critical alerts. More than half of respondents said their team had missed critical alerts in the past due to ineffective alert prioritization – often on a weekly and even daily basis.
Avi Shua is Orca Security’s CEO and co-founder.
“Having to sift through hundreds of ‘high priority,’ often meaningless alerts, is causing security practitioners to become overwhelmed and leading to burnout and turnover, exacerbating cybersecurity staff shortages,” he said. “The only way to win the battle of cloud security is to leverage context to the maximum. Practitioners should be enabled to focus on the very few toxic combinations of alerts and attack paths that can put their crown jewels in jeopardy, rather than trying to review thousands of meaningless alerts.”
John Morgan is CEO of Confluera.
“Cloud security teams will have to work smarter, not harder,” he said. “Investigating each and every security alert in a timely manner is simply not feasible as organizations accelerate their cloud and multicloud adoption. Without a new approach, security teams will miss events and alerts that are part of a bigger threat until it’s too late. As organizations embark on multicloud adoption, they have an opportunity to revisit the tools and processes to enable their security teams to work more efficiently.”