You Might Be Cloud-First, But Security Is Still an AfterthoughtSeptember 26, 2019
A new report from ESG, released today at the second annual Cloud Native Security Summit, finds that security professionals regard their existing tools inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications. Commissioned by Capsule8, Obsidian, and Signal Sciences, the report, Retooling CyberSecurity Programs for the Cloud-First Era, warns of a security gap that is both wide and dangerous.
The report, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39 percent of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case to do so. Moreover, in the next two years, 58 percent of respondents say they’ll have more than 40 percent of their data stored in the public cloud–and 45 percent of this data will be sensitive. Nonetheless, even with this shift to the cloud, 81 percent of respondents said their on-premises data security practices are more mature than those that are intended to secure cloud-resident data. At the same time, an alarming 50 percent of those surveyed say their organization has lost cloud-resident data.
Other key findings underscore how cloud security is lagging despite mass adoption of the cloud:
- 90 percent of respondents worry about not having visibility into misconfigured cloud services, server workloads, network security, or privileged accounts
- 83 percent also report concern about the misuse of privileged accounts by insiders
- 35 percent say that the use of multiple cybersecurity controls has increased complexity and 66 percent say IT is more complex than it was two years ago
- 43 percent cited maintaining consistency across the disparate infrastructures of hybrid, multi-cloud environments where cloud-native apps are deployed as the biggest challenge in securing cloud-native apps
- 43 percent of respondents say that DevSecOps automation is the highest cloud security priority to address many of these concerns
The responses outlined in the report show that rapid development and the prolific release of cloud-native apps and practices happen at the peril of critical data that these resources are supposed to safeguard. That may be because many security operations take a legacy approach to securing data that harkens back to the pre-cloud and, in some cases, even the pre-web days. These systems just don’t work well in the cloud. This report is a call for a modern approach to security that is designed from the ground up to protect cloud-native environments.
To read the report, “Retooling CyberSecurity Programs for the Cloud-first Era,” which includes prescriptive advice for addressing these concerns, download at: https://www.cloudnativesecuritysummit.com/report