Tripwire announced the results of a research report that evaluated cloud security practices across enterprise environments in 2021. Conducted by Dimensional Research, the survey evaluated the opinions of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organization.
According to the research, 73% currently operate in a multi-cloud environment, but security professionals responsible for these types of complex environments overwhelmingly (98%) report that relying on multiple cloud providers creates additional security challenges.
Organizations likely to use a multi-cloud approach to manage risk
Organizations have a wide range of reasons for going multi-cloud, including meeting varying business needs, running certain applications, distributing risk, taking advantage of cost savings, and to provide redundancy in the event of downtime. In the industrial space specifically, organizations are twice as likely to use a multi-cloud approach to manage risk.
“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, VP of product management and strategy at Tripwire.
“Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter.”
59% have configuration standards for their public cloud and use best practice security frameworks (78%), but only 38% of framework users apply them consistently across their cloud environment. Not to mention, only 21% have a centralized view of their organization’s security posture and policy compliance across all cloud accounts.
Most also noted that shared responsibility models for security between cloud service providers and their customers are not always clear – three quarters rely on third-party tools or expertise to secure their cloud environment.
Multi-cloud security challenges for cybersecurity professionals
- When it comes to managing their cloud environment, most organizations rely/relied on existing security teams to complete training or self-teach, but only 9% of those surveyed would categorize their internal teams as experts.
- Overall, customers want cloud providers to increase security efforts. Most (98%) would like to see specific security improvements, including communicating security issues faster and following consistent security frameworks.
- And 77% prefer their existing security service extends into the cloud rather than finding a separate cloud-only solution.
“For most security professionals, managing a multi-cloud environment is a fairly new and somewhat ambiguous part of their day to day,” added Erlin. “Fortunately, there are well established frameworks and solutions that exist to help fill in the gaps and ensure organizations don’t have to rely solely on their cloud providers to secure their environment.”
Organizations have come to realize that cloud providers don’t offer the tools they need to fully secure their systems, and as a result, are taking matters into their own hands. In the last year, there has been an increase in the number of companies doing real-time assessments of their cloud security posture and a slight increase in the level of enforcement automation, both positive indications that companies are taking the necessary steps to harden their cloud environments.