The Cloud Security Alliance and AlgoSec published research which queried nearly 1,900 IT and security professionals from a variety of organization sizes and locations, sought to gain deeper insight into the complex cloud environment that continues to emerge and that has only grown more complex since the onset of the pandemic.
The survey found that over half of organizations are running 41 percent or more of their workloads in public clouds, compared to just one-quarter in 2019. In 2021, 63 percent of respondents expect to be running 41 percent or more of their workloads in public cloud, indicating that adoption of public cloud will only continue.
Sixty-two percent of respondents use more than one cloud provider, and the diversity of production workloads (e.g. container platforms, virtual machines) is also expected to increase.
Top concerns with cloud projects
Respondents’ leading concerns over cloud adoption were network security (58%), a lack of cloud expertise (47%), migrating workloads to the cloud (44%), and insufficient staff to manage cloud environments (32%).
It’s notable that a total of 79 percent of respondents reported staff-related issues, highlighting that organizations are struggling with handling cloud deployments and a largely remote workforce.
Cloud issues and misconfigurations leading causes of breaches and outages
Eleven percent of respondents reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%).
When asked about the impact of their most disruptive cloud outages, 24 percent said it took up to 3 hours to restore operations, and for 26 percent it took more than half a day.
Nearly one-third still manage cloud security manually
Fifty-two percent of respondents stated they use cloud-native tools to manage cybersecurity as part of their application orchestration process, and 50 percent reported using orchestration and configuration management tools such as Ansible, Chef and Puppet. Twenty-nine percent said they use manual processes to manage cloud security.
Who controls cloud security is not clear-cut
Thirty-five percent of respondents said their SecOps team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Other teams such as network operations, DevOps and application owners all fell below 10 percent, showing confusion over exactly who owns public cloud infosecurity.
“The use of cloud services has continued to increase over the past decade. Particularly now, in the wake of the COVID-19 public health crisis. With organizations struggling to address a largely remote workforce, many enterprises’ digital transformations have been accelerated to enable employees to work from home,” said Hillary Baron, lead author and research analyst, Cloud Security Alliance.
“As an ever-more complex cloud environment continues to evolve, the need for supplementary infosecurity tools to improve public cloud security will, as well.”
“In the face of complex environments, a dearth of security staff, and an overall lack of cloud knowledge, organizations are turning to security tools that can help supplement their workforce.
“Three of the top four benefits organizations look for in security management tools involve proactive detection of risks and automation. These types of tools can supplement the challenges many organizations are experiencing with lack of expertise (47%) and staff (32%), as well as improve visibility as they move toward an ever-changing cloud environment,” said Jade Kahn, AlgoSec CMO.