SANS (Internet Storm Center) has been an excellent resource for security best practices and breaking news for years. This study documents current challenges in corporate security:

In 2015, 148 million records have been breached in 129 reported incidents—incidents that sometimes go undetected for months at a time. As far along as we are in 2015 technology and despite all the security solutions available, a majority of enterprises still do not have adequate basic perimeter security or threat responsiveness to protect their data centers and cloud systems. Hacker break-ins and data theft reports nearly every week in the news bear this out.

The SANS (System Administration, Networking and Security) Institute, a respected global information security training and analysis provider, has come out with its first “State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report,” and most of the findings are disconcerting at best.

The report, released Oct. 14, included the following metrics:

1. Nearly six in 10 (59 percent) organizations say they are able to contain a threat within 24 hours, which is an eternity in security time. A full day leaves systems open to prolonged and increased damages as attacks spread laterally through data centers and clouds.

2. Containment times reported by respondents included: up to 8 hours (37 percent of respondents); up to 24 hours (21 percent); less than a week (19 percent); and more than a week (17 percent).

3. Notably, 55 percent of respondents are dissatisfied with the length of time it takes them to contain and recover from attacks.

4. Traditional tools not stopping breaches: Forty-four percent of enterprises reporting breach information have had sensitive data accessed by attackers; these same respondents were among those using traditional security tools in their data centers and clouds

5. Security losing ground in cloud, distributed computing game: Thirty-seven percent of organizations use distributed cloud and data center computing systems; 44 percent of respondents said their biggest challenge was that cloud providers don’t offer visibility needed to protect users and data; 19 percent say cloud providers don’t give them security support needed; and 49 percent have no formal cloud security strategy in place.