The security challenges of managing complex cloud environments
Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios, a Cloud Security Alliance and AlgoSec study reveals.
The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud, or use of more than one public cloud platform.
Key findings of the study include:
- Cloud creates configuration and visibility problems: When asked to rank on a scale of 1 to 4 the aspects of managing security in public clouds they found challenging, respondents cited proactively detecting misconfigurations and security risks as the biggest challenge (3.35), closely followed by a lack of visibility into the entire cloud estate (3.21). Audit preparation and compliance (3.16), holistic management of cloud and on-prem environments (3.1), and managing multiple clouds (3.09) rounded out the top five.
- Human error and configuration mistakes the biggest causes of outages: 11.4% of respondents reported a cloud security incident in the past year, and 42.5% had a network or application outage. The two leading causes were operational / human errors in management of devices (20%), device configuration changes (15%) and device faults (12%).
- Cloud compliance and legal concerns: Compliance and legal challenges were cited as major concerns when moving into the cloud (57% regulatory compliance; 44% legal concerns).
- Security is the major concern in cloud projects: 81% of cloud users said they encountered significant security concerns. Concerns over risks of data losses and leakage were also high with users when deploying in the cloud (cited by 62%), followed by regulatory compliance concerns (57%), and integration with the rest of the organizations’ IT environment (49%).
“As companies of all sizes are taking advantage of the value of the cloud with its improved agility and flexibility, they are also facing unique new security concerns, especially when integrating multiple cloud services and platforms into an already complex IT environment,” said John Yeoh, Global Vice President of Research, Cloud Security Alliance.
“The study findings demonstrate how important it is for enterprises to have holistic cloud visibility and management across their increasingly complex hybrid network environments in order to maintain security, reduce the risk of outages and misconfigurations, and fulfil audit and compliance demands.”
“This survey makes clear that there is no one-size-fits-all cloud deployment model: organizations are choosing to adopt and use cloud resources in the way that suits their business needs. But this cloud flexibility also creates many security challenges for today’s enterprise. Irrespective of how they choose to use cloud resources, end-to-end visibility across the networks is critical to meet security and compliance obligations,” said Jeffrey Starr, CMO of AlgoSec.
“Robust network security management and automation become increasingly mission critical. We see organizations moving to automate security management across native cloud, multi-cloud, and hybrid network estates, driving agility while ensuring continuous security for next-generation enterprise environments.”