BY Richard Summerfield
There has been a lot of talk around the potential of cloud computing. The cloud is often heralded as the future of many organisations as it will fundamentally alter business strategies. Yet, maintaining security in the cloud is a challenging and contentious issue.
Indeed, many security professionals consider their existing tools to be inadequate for securing critical cloud data, even as their organisations invest heavily and with increasing speed in cloud applications, according to a new report from ESG.
The report, ‘Retooling CyberSecurity Programs for the Cloud-First Era’, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, suggests that there is a security gap in cloud computing which is both wide and dangerous.
Though cloud-first strategies are becoming more common, 81 percent of respondents said their on-premises data security practices are more advanced than those intended to secure cloud-based data. Furthermore, 50 percent of respondents say that their organisation has lost cloud-resident data.
Ninety percent of respondents are concerned about not having visibility into misconfigured cloud services, server workloads, network security or privileged accounts. Eighty-three percent of respondents also stated they had concerns about the misuse of privileged accounts by insiders. Thirty-five percent say that the use of multiple cyber security controls has increased complexity and 66 percent say IT is more complex than it was two years ago.
Forty-three percent of respondents cited maintaining consistency across the disparate infrastructures of hybrid, multi-cloud environments where cloud-native apps are deployed as the biggest challenge in securing cloud-native apps, and 43 percent of respondents said that DevSecOps automation is the highest cloud security priority to address many of these concerns.
“The cloud is no longer merely a backup target – it’s now the center of computing gravity for many businesses,” said Doug Cahill, ESG’s Cybersecurity Group Director and Senior Analyst. “Cloud-first strategies are becoming more common, and yet security capabilities are lagging behind cloud adoption. The gap between the degree to which cloud services and cloud-native technologies have and will continue to be consumed and organizational readiness to secure that usage requires a retooling of cybersecurity programs to keep pace with the speed of the cloud era.”