Just about every industry today depends on the cloud to get work done, and because most companies depend on Amazon, Google and Microsoft’s cloud services, any disruption of even one of them would have a major economic impact on business and government.
Most organizations are looking to transform themselves using cloud technologies, but they can only do so when they know the cloud infrastructure supporting them is secure and resilient.
In a recent survey by of 200 IT and security professionals by CyberRisk Alliance (CRA), respondents showed a strong desire to get ahead of the threats and develop protections that can build on existing cloud deployments.
Here are four of the leading findings:
The majority of companies have migrated to the cloud
Some respondents have migrated most — if not all — of their workloads to the cloud. Others have been more cautious, preferring to keep a majority of assets on-prem. While 53% work with just one or two cloud providers, 48% do business with at least three or more. These arrangements vary based on the needs of a given business, its budget for cloud security, and the demands of the industry.
Security investments are paying off
Investments in security are paying off as 56% of respondents expressed moderate to high levels of confidence in their cloud security. CRA found a great deal of diversity in cloud security applications, from 77% citing stricter access controls via identity and access management (IAM) and privileged access management (PAM), to native security services provided by cloud vendors (66%), to more emphasis on monitoring (60%) and encryption (56%). As one respondent said: “we’re placing an emphasis on protections at the data layer in addition to the network and physical infrastructure layers” and “transitioning to a multi-layer defense strategy.”
Skills gaps and lack of training undermine cloud initiatives
One in four respondents said their organizations grappled with not having sufficient expertise and training to implement cloud security effectively. This difficulty translates to not having dedicated oversight and visibility of cloud operations. “With all of the challenges in cloud security, the challenge our organization is least equipped to currently address is the advanced skill gap in our current resource pool to adequately keep up with constantly changing threat complexity and remediation,” said one respondent.
Organizations have a cloud visibility problem
Beyond considerations such as the cost of cloud solutions and the skills shortage, many respondents trace the majority of their pain points back to the limited visibility of their cloud assets. From API security gaps and misconfigurations to access management and tools deployment, everything hinges on being able to see what’s happening in the cloud.
So heading into 2024, while the industry has made a great deal of progress migrating to the cloud, organizations still face some stiff challenges around securing budget dollars for cloud security projects, finding qualified security people, and then delivering the visibility they need to respond to escalating cyber threats.