Data driven analysis of threats from real customer environments dispels longstanding myths 

alertlogic-state-of-cloud-security-spring2012_Page_01.jpgSAN FRANCISCO – February 27, 2012 – Alert Logic (www.alertlogic.com), the leading provider of Security-as-a-Service solutions for the cloud, today released its first State of Cloud Security Report, a semi-annual quantitative analysis comparing real world security incidents observed in hosted and cloud environments with those observed in traditional on-premise environments. Counter to the conventional wisdom that infrastructure in service provider managed cloud environments is inherently less secure, the analysis found these environments tend to face a lower level of risk than on-premise environments.

The Alert Logic State of Cloud Security Report, Spring 2012 examined 12 months of security data collected from more than 1,500 customers yielding over 62,000 verified security incidents. The security incidents captured during the study period were automatically evaluated through Alert Logic’s expert system and reviewed by Alert Logic’s certified security analysts to ensure accurate detection.

The State of Cloud Security Report found the following:

  • The notion that cloud and service provider managed environments are less secure than traditional on-premise deployments is not supported by the facts. Service provider environments are less likely to see threats, encounter a lower frequency of each type of threat and experience a smaller range of threats per impacted environment, compared to traditional in-house managed IT environments.

  • Service providers appear to bring security benefits to their customers indirectly through their implementation of IT infrastructure management best practices in areas such as configuration and patch management, reducing misconfiguration security incidents by as much as 92 percent.

  • Web application attacks are among the leading source of threats in both types of environments (experienced by 65 percent of service provider customers and 71 percent of on-premise environments). Other common attacks tend to be relatively unsophisticated attacks such as brute force and vulnerability scans.

  • On-premise environments are attacked from many different directions. Out of seven categories of threats analyzed, on-premise customers experienced an average of 3.0 types of attacks, with a small percentage experiencing all seven types. Service provider customers averaged threats in 2.1 categories with none experiencing more than five types of attack.

“While security can never be taken for granted, decisions around where and how to deploy IT infrastructure should be based on fact not fear,” said Marty McGuffin, VP of Operations at Alert Logic.  “Our research suggests that a well managed service provider can not only match the level of security found inside an enterprise’s four walls, but actually exceed it.”

A free download of the 2012 State of Cloud Security Report – Spring 2012 is available at http://www.alertlogic.com/csr.

About Alert Logic

Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud provides solutions to secure the application and infrastructure stack.  By integrating advanced security tools with 24×7 Security Operations Center expertise customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 1,500 enterprises.  Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit http://www.alertlogic.com.