Check out all the on-demand sessions from the Intelligent Security Summit here.
CloudBolt’s latest Industry Insights study, executed by the Gartner-owned Pulse research platform, asked 350 IT leaders at large enterprises around the world about the state of cloud security in their organizations. The results were eye-opening.
Seventy-two percent of respondents believe their company moved to the cloud without “properly understanding the skills, maturity curve, and complexities of making it all work securely.”
The study points to two main culprits for today’s cloud security deficiencies at the individual user level as workloads are being provisioned. The first is an industry-wide multicloud skills gap. The second is an assumption that sufficient security is already built into cloud-native tools.
To properly secure a multicloud architecture using traditional methods, you need talent with expertise and experience in every cloud and tool you use. But 56% of respondents cited “depth of native cloud skill sets/expertise” as a top concern, and another 29% said that a “lack of talent with deep security expertise” was an issue.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Misplaced trust in suite-specific cloud security tools
Meanwhile, companies are also over-relying on cloud-native security tools without fully understanding their risks and limitations. Public cloud providers offer security tools for their customers, and most people believe these tools are sufficient – 74% of respondents said they provide “adequate” security. But these tools only work with their own product suite, and there are many idiosyncratic differences among them. In a multicloud environment that grows more complex by the day, this creates many opportunities for errors and omissions, which increase vulnerabilities across an ever-expanding attack surface. Respondents seem aware of this: 59% believe moving to the cloud has made their enterprises less secure.
There is a perplexing dichotomy between what organizations believe about the importance of cloud security and the approaches they are applying. On the one hand, most respondents (75%) acknowledged that “cloud computing is the single greatest expansion of the enterprise attack surface in the last 20 years.” Yet 83% said they have implemented highly operationalized security practices only “somewhat” when spinning up new resources, and 68% said their companies’ security skill sets across all clouds were only “somewhat mature.”
“Sometimes” and “somewhat” are concerning terms when describing something as important as multicloud security. Time will tell if companies’ approaches will mature sufficiently.
CloudBolt surveyed 350 directors, VPs and C-suite executives from companies with over 1,000 employees. Three-quarters were in North America, the rest in other regions of the world.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.