While many organizations continue to focus on security policies mainly and query around physical devices, the vast majority of an organization?s assets ? and security issues ? are now in the cloud, according to a study published by JupiterOne
The study, 2022 State of Cyber Assets Report, assesses the current state of security for enterprise cyber assets. Those assets include cloud workloads, devices, networks, apps, data, and users.
Cloud assets outnumber physical devices
97% of security findings come from cloud assets, such as applications, hosts, and containers. And in all, nearly 90% of all assets are cloud-based, stated report.
That means that physical devices ? including PCs, smartphones, routers and IoT devices ? represent less than 10% of total devices within organizations, and they generate only about 3% of security findings, according to the report.
The further report suggested that yet when it comes to security policies, cloud-specific policies constitute 28.8% of the total number, the report found.
Meanwhile, security data queries ? which reveal what the security teams care most about ? are also weighted toward physical devices rather than the cloud, according to the report.
In other words, many organizations are still operating in the old mindset where there?s a lot of attention placed on securing physical assets, and not as much on other assets.
The report found that 91.3% of code assets in the average organization are developed by a vendor or third party.