Cloud workloads increase but security concerns remain
A new study from the Cloud Security Alliance (CSA) and cloud security company AlgoSec finds that over half of organizations are running 41 percent or more of their workloads in public clouds, compared to just a quarter in 2019.
But 11 percent of respondents have reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26 percent), security misconfigurations (22 percent), and attacks like denial of service exploits (20 percent).
Security is the leading concern surrounding cloud deployments (58 percent), followed by a lack of cloud expertise (47 percent), migrating workloads to the cloud (44 percent), and insufficient staff to manage cloud environments (32 percent). Yet only 52 percent of respondents use cloud-native tools to manage security as part of their application orchestration process, while 29 percent use manual processes to manage cloud security.
"The use of cloud services has continued to increase over the past decade. Particularly now, in the wake of the COVID-19 public health crisis. With organizations struggling to address a largely remote workforce, many enterprises' digital transformations have been accelerated to enable employees to work from home," says Hillary Baron, lead author and research analyst at the Cloud Security Alliance. "As an ever-more complex cloud environment continues to evolve, the need for supplementary security tools to improve public cloud security will, as well."
Who looks after cloud security is unclear too. 35 percent of respondents say their security operations team manages cloud security, followed by the cloud team (18 percent), and IT operations (16 percent).
"In the face of complex environments, a dearth of security staff, and an overall lack of cloud knowledge, organizations are turning to security tools that can help supplement their workforce. Three of the top four benefits organizations look for in security management tools involve proactive detection of risks and automation. These types of tools can supplement the challenges many organizations are experiencing with lack of expertise (47 percent) and staff (32 percent), as well as improve visibility as they move toward an ever-changing cloud environment," says Jade Kahn, AlgoSec's chief marketing officer.
The full report is available from the CSA site.