(ISC)²'s bi-monthly e-newsletter, Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security.
MAY CLOUD SECURITY INSIGHTS
Survey: Security Lags as Cloud Use Rapidly Grows More Complex
BY SHAWNA McALEARNEY
Offering flexibility, convenience and speed to drive business initiatives, the cloud continues to present unrivaled opportunities for innovation—if it can be properly secured. Unfortunately, security efforts are still coming up short in many environments.
“Between the use of multiple cloud platforms and heterogeneous security solutions, to the lack of qualified personnel needed to implement and manage them, enterprises find themselves compromising security to achieve their business objectives,” according to FireMon’s The 2020 State of Hybrid Cloud Security survey of 522 IT and security professionals.
“Many enterprises are overburdened by the continuous onslaught of hybrid cloud security challenges, including lack of automation and third-party tool integration, coupled with budget constraints and staffing shortages,” according to the report. FireMon, a provider of network security automation tools, said that its second annual survey “finds no relief for enterprises dealing with increased complexity and scale of their hybrid cloud environments.”
Analyst firm ESG, according to the report, released a survey showing “86% of IT professionals and application developers report their companies are under pressure to develop and launch new products and services at an accelerating pace.” When correlated with its own survey findings of continued inadequate cloud security, FireMon found “almost 60% of this year’s respondents say that deployment of their business services in the cloud has accelerated past their ability to adequately secure them in a timely manner.”
With analyst firm Gartner predicting—well before the global pandemic—exponential growth for the cloud services industry through 2022, solutions are needed now.
“Cloud services are definitely shaking up the industry,” Sid Nag, research vice president at Gartner, said in a 2019 press release. “At Gartner, we know of no vendor or service provider today whose business model offerings and revenue growth are not influenced by the increasing adoption of cloud-first strategies in organizations. What we see now is only the beginning. … Gartner projects the market size and growth of the cloud services industry at nearly three times the growth of overall IT services.”
Less than 10% of FireMon survey respondents use no public cloud platforms, compared to 25.6% in the prior year’s survey. The widespread acceptance of public clouds reflects growing comfort with these platforms. Nearly half of respondents reported using two or more different public cloud platforms, and more than a third used two or more container platforms.
In a sharp increase of nearly 20% over last year, the survey found that 78.2% of respondents use two or more different enforcement points on their hybrid networks, and 40.4% are using two or more network security controls in their public cloud environments.
Nearly one-third of respondents identified configuration errors as the biggest security threat to their hybrid cloud environment. Of those, 73.5% indicated they were using manual processes. Meantime, 35.4% of all survey-takers reported not using security automation in their hybrid environments.
Additional threats, such as unauthorized access, topped the list of concerns for 19.5%; ransomware/malware was cited by 13%.
Nearly a quarter identified a lack of global visibility as their biggest challenge in managing multiple network security tools across a hybrid cloud environment. Some 18% said there were too many tools and consoles to keep up with, while about 15% cited a lack of actionable data derived from the tools.
In terms of security spending, 78% of respondents spend less than a quarter of their total security budget on the cloud, and 45% spend less than 10%. Notably, more than half of respondents say their cloud security budgets will increase in the next 12 months.
Ignorance Is Not Bliss
An ongoing obstacle to successfully securing public cloud platforms stems from “confusion on the shared responsibility security model and a lack of understanding on where security obligations fall,” according to the FireMon survey.
It found that “while respondents are using one or more ‘as-a-Service’ models in tandem, those who do not understand the model or did not know responsibility was shared came in at 21.8% for Software-as-a-Service (SaaS), 20.7% for Platform-as-a-Service (PaaS) and 18.8% for Infrastructure-as-a-Service (IaaS).”
The survey results show organizations still face many challenges, including the typical underfunding and understaffing seen so often in cybersecurity, as well as increased complexity and a lack of visibility. Automation, the report authors said, may be an option now worth exploring.
SHAWNA McALEARNEY is a freelance writer and regular contributor based in Las Vegas.