IT and security leaders lack confidence in their ability to protect the cloud
A new study from secure access specialist Appgate based on research by the Ponemon Institute finds 60 percent of IT and security leaders are not confident in their organization's ability to ensure secure cloud access.
The survey of nearly 1,500 IT decision makers and security professionals worldwide sets out to examine the pain points experienced in securing cloud environments and how zero trust security methods can enable digital transformation.
Top challenges to securing the cloud include network monitoring/visibility (48 percent), in-house expertise (45 percent), increased attack vectors (38 percent) and siloed security solutions (36 percent). In addition, 62 percent of respondents say traditional perimeter-based security solutions are no longer adequate for today’s threats.
As businesses transform 90 percent of respondents will have adopted DevOps and 87 percent will have adopted containers within the next three years, but modern security practices aren't as widespread. Only 42 percent say they can confidently segment their environments and apply the principle of least privilege, and nearly a third of organizations have no collaboration between IT security and DevOps.
Respondents that have adopted a zero trust strategy report increased productivity of the IT security team (65 percent), stronger authentication using identity and risk posture (61 percent), increased productivity for DevOps (58 percent) and greater network visibility and automation capabilities (58 percent) as the top benefits.
"We've seen a lot of tailwinds to help with trusted apps, for example, spinning up a presidential order that plans for adoption of zero trust for securing critical assets, infrastructure, enterprises and government organisations as a whole," says Jawahar Sivasankaran, president and chief operating officer at Appgate. "But there are headwinds too, I would say definitely customers are still still entrenched with legacy ways of thinking. Part of this is legacy vendors continuing to push their narrative into the marketplace, sometimes they package the legacy stuff and put the zero trust moniker on just to graduate into the space."
Among other findings in the report, just 33 percent of respondents are confident their IT organization knows about all the cloud computing applications, platforms or infrastructure services they currently use. More than half of respondents cite account takeover or credential theft (59 percent) and third-party access risks (58 percent) as top threats to their cloud infrastructure.
Of the respondents that don't plan to adopt zero trust, 53 percent believe the term is 'just about marketing,' but many of those respondents also highlight ZTNA capabilities as being essential to protect cloud resources, which suggests some confusion around what zero trust actually means.
"Definitely education plays a big role in this, and part of this is also educating at the right level," adds Sivasankaran. "Making sure your customers are looking at the right answers versus just trying to bring along some of the legacy stuff, things that they've had for the last 25 years."
The full report is available from the Appgate site.