CSA report shows frustrations with security alerts, endpoint agents

New Cloud Security Alliance research shows growing fatigue with security alerts and endpoint agents, as well as growing adoption of IaaS and positive signs for Microsoft Azure.

Enterprise IT professionals are so inundated with security alerts and false positives that nearly a third of them admit to simply ignoring alerts, according to new research from the Cloud Security Alliance.

The CSA survey, titled IT Security in the Age of Cloud, offered some sobering statistics for enterprise security teams. In the survey of 228 IT and information security professionals, which was sponsored by cloud access security broker Skyhigh Networks, nearly 32% said they ignore security alerts because there are so many false positives. The CSA survey also showed growing frustration with endpoint agents, which many security vendors rely on to monitor and secure client and mobile devices that connect to cloud services.

But the news wasn't all bad, as the survey highlighted positive trends for IT security budgets and infrastructure-as-a-service (IaaS) providers, with Microsoft in particular seeing positive results. A majority of survey respondents (53.7%) said their organizations plan to increase their IT security budget in the next 12 months, a sizeable increase from the 44.5% who said their budget increased in the previous 12 months. In addition, the survey showed strong IaaS adoption; 31.2% of the average enterprise's computing resources come from IaaS providers, and survey respondents expect that to grow to 41% of all resources within the next 12 months.

One of the more interesting data points from the CSA survey involved the major public cloud players. Amazon Web Services is still the dominant IaaS provider, with 37.1% of survey respondents naming AWS as the most widely used service within their organizations. But the survey also showed Microsoft Azure closing the gap in a close second place: 28.4% of respondents said it was the most popular service for their organizations. Google ranked third, with a 16.5% share.

Problems with security alerts, endpoint agents

In addition to alert fatigue pushing almost a third of respondents to ignore security alerts, the CSA survey also showed other troubling trends, such as the increasing number of security tools that generate alerts. For example, nearly one out of five organizations has more than 10 security products or services, including cloud access security brokers, that generate security alerts.

Kamal Shah, senior vice president of product at Skyhigh, based in Campbell, Calif., said he was surprised to see as much as 32% of respondents admitting they ignored security alerts. "You look at the Target breach and other incidents like it, where the alerts were there, but they weren't acted on, and you have to wonder why that is," he said. "We need to give people context and actionable information through alerts. And we need to be able to better distinguish between an anomaly and a threat."

According to the CSA survey, 40.4% of respondents said the security alerts they receive lack actionable information to investigate potential incidents. In addition, 25.9% said they receive more alerts than they can investigate. The survey also showed frustration with endpoint agents, which many security vendors use: 100% of survey respondents said they have experienced at least one significant IT issue as a result of an agent.

In addition, 63.6% of IT professionals surveyed report they have experienced slower device performance as a result of an endpoint agent, and 44.3% have had challenges with device and driver conflicts that break functionality of the devices. Meanwhile, privacy and liability concerns are compounding frustrations with endpoint agents, as 67.5% of respondents said they don't want a corporate endpoint agent on their personal devices.

Shah said just as IT professionals are dealing with too many security alerts, the devices they monitor and manage are suffering from too many agents that negatively affect both the devices themselves and the users. "As the report says, I think the security industry needs to do a better job with agents and reduce the problems they cause, or move away from them," he said, noting that Skyhigh doesn't use agents for its CASB platform. "If the number of agents on each device keeps growing and the problems continue, people just aren't going to use them anymore."
