Security challenges in native cloud, hybrid and multi-cloud environments
The Cloud Security Alliance’s latest survey, Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments, examines information security concerns in a complex cloud environment.
Commissioned by AlgoSec, the survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud or use of more than one public cloud platform.
Topics covered in the report include:
- Types of cloud platforms currently in use
- Proportion of workloads actively in the cloud
- New workloads expected to be moved into the cloud
- Anticipated risks and concerns about potential migrations to the cloud
- Challenges managing security after adopting cloud technologies
- Methods for addressing these security challenges
- Challenges related to network or application outages
- Methods for and results of addressing outages and security incidents
The survey illustrates the need within our industry to better address these issues before adopting cloud technologies to create practical and manageable network environments—rather than simply putting out fires as they arise after deploying new technologies. It also highlights the need to maintain cloud service-specific knowledge during the growth of the service with the aim of staying current with new features and functionality.
Specifically, the survey found that:
- Cloud creates configuration and visibility problems: When asked to rank on a scale of 1 to 4 those aspects of managing security in public clouds they found challenging, respondents cited proactively detecting misconfigurations and security risks as the biggest challenge (3.35), closely followed by a lack of visibility into the entire cloud estate (3.21). Audit preparation and compliance (3.16), holistic management of cloud and on-prem environments (3.1), and managing multiple clouds (3.09) rounded out the top five.
- Human error and configuration mistakes are the biggest causes of outages: Eleven percent (11.4 percent) of respondents reported a cloud security incident in the past year, and 42.5 percent had a network or application outage. The two leading causes were operational / human errors in management of devices (20 percent), device configuration changes (15 percent) and device faults (12 percent).
- Cloud compliance and legal concerns are serious worries: Compliance and legal challenges were identified as major concerns when moving into the cloud (57 percent regulatory compliance; 44 percent legal concerns).
- Security is the major concern in cloud projects: Some 81 percent of cloud users said they encountered significant security concerns. Concerns over risks of data losses and leakage were also high with users when deploying in the cloud (cited by 62 percent), closely followed by regulatory compliance concerns (57 percent) and integration with the rest of the organizations’ IT environment (49 percent).
As cloud environments become more complex, we can expect to see the trends identified in this survey continue. Unsurprisingly, it will be more important than ever for IT professionals to have visibility into available resources, understand cloud provider security tools, create personalized plans for securing their organization and evaluate staff knowledge to ensure security of these complex cloud environments.
Download the full report to learn more about Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments.
(This post originally appeared on the ISACA blog, which can be viewed here).