Cloud Security Alliance Study Identifies New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments
May 2019 by Cloud Security Alliance
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and AlgoSec, the leading provider of business-driven network and cloud security management solutions, today announced the results of a new study titled, “Cloud Security Complexity: Challenges in Managing Security in Native Cloud, Hybrid and Multi-Cloud Environments.”
The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud, or use of more than one public cloud platform.
Key findings of the study include:
· Cloud creates configuration and visibility problems: When asked to rank on a scale of 1 to 4 the aspects of managing security in public clouds they found challenging, respondents cited proactively detecting misconfigurations and security risks as the biggest challenge (3.35), closely followed by a lack of visibility into the entire cloud estate (3.21). Audit preparation and compliance (3.16), holistic management of cloud and on-prem environments (3.1), and managing multiple clouds (3.09) rounded out the top five.
· Human error and configuration mistakes the biggest causes of outages: 11.4% of respondents reported a cloud security incident in the past year, and 42.5% had a network or application outage. The two leading causes were operational / human errors in management of devices (20%), device configuration changes (15%) and device faults (12%).
· Cloud compliance and legal concerns: Compliance and legal challenges were cited as major concerns when moving into the cloud (57% regulatory compliance; 44% legal concerns).
· Security is the major concern in cloud projects: 81% of cloud users said they encountered significant security concerns. Concerns over risks of data losses and leakage were also high with users when deploying in the cloud (cited by 62%), followed by regulatory compliance concerns (57%), and integration with the rest of the organizations’ IT environment (49%).
“As companies of all sizes are taking advantage of the value of the cloud with its improved agility and flexibility, they are also facing unique new security concerns, especially when integrating multiple cloud services and platforms into an already complex IT environment,” said John Yeoh, Global Vice President of Research, Cloud Security Alliance. “The study findings demonstrate how important it is for enterprises to have holistic cloud visibility and management across their increasingly complex hybrid network environments in order to maintain security, reduce the risk of outages and misconfigurations, and fulfil audit and compliance demands.”
“This survey makes clear that there is no one-size-fits-all cloud deployment model: organizations are choosing to adopt and use cloud resources in the way that suits their business needs. But this cloud flexibility also creates many security challenges for today’s enterprise. Irrespective of how they choose to use cloud resources, end-to-end visibility across the networks is critical to meet security and compliance obligations,” said Jeffrey Starr, CMO of AlgoSec. “Robust network security management and automation become increasingly mission critical. We see organizations moving to automate security management across native cloud, multi-cloud, and hybrid network estates, driving agility while ensuring continuous security for next-generation enterprise environments.”
Commissioned by AlgoSec and conducted by the CSA, the survey also looked to uncover insights on topics such as workloads being used in or moved to the cloud and how they are being deployed/migrated; types of cloud platform(s) being used by companies; common security challenges faced by companies when deploying workloads in the cloud; methods of managing risk and vulnerabilities in the cloud environment; and causes of network or application outages and the amount of time it took to remediate.