CSA survey reveals increasing complexity of cloud environments

Latest research reveals misconfigurations are one of the leading causes of breaches and outages, as public cloud adoption doubles over past two years 

Businesses have been gradually migrating workloads to the cloud for a number of years, a trend that has been exponentially accelerated due to the pandemic. However, the increasingly complex nature of cloud-native, hybrid and multi-cloud environments creates new challenges in terms of visibility and network security.  

AlgoSec recently partnered with the Cloud Security Alliance (CSA) to commission a survey that adds to the industry’s knowledge about hybrid-cloud and multi-cloud security. The survey, which queried nearly 1,900 IT and security professionals from a variety of organization sizes and locations, sought to gain deeper insight into the complex cloud environment that continues to emerge. 

We found that over half of organizations are running 41 percent or more of their workloads in public clouds, compared to just one-quarter in 2019. Sixty-two percent of respondents use more than one cloud provider, and the diversity of production workloads, for example container platforms and virtual machines, is also expected to increase.  

Other key findings from the survey include: 

• Security tops concerns with cloud projects: Respondents’ leading concerns over cloud adoption were network security (58%), a lack of cloud expertise (47%), migrating workloads to the cloud (44%), and insufficient staff to manage cloud environments (32%). It’s notable that a total of 79 percent of respondents reported staff-related issues, highlighting that organizations are struggling with handling cloud deployments and a largely remote workforce. 
• Cloud issues and misconfigurations are leading causes of breaches and outages: Eleven percent of respondents reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%). When asked about the impact of their most disruptive cloud outages, 24 percent said it took up to 3 hours to restore operations, and for 26 percent it took more than half a day. 
• Nearly one-third still manage cloud security manually: Fifty-two percent of respondents stated they use cloud-native tools to manage security as part of their application orchestration process, and 50 percent reported using orchestration and configuration management tools such as Ansible, Chef and Puppet. Twenty-nine percent said they use manual processes to manage cloud security. 
• Who controls cloud security is not clear-cut: Thirty-five percent of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Other teams such as network operations, DevOps and application owners all fell below 10 percent, showing confusion over who owns public cloud security. 

To ensure successful cloud migrations, organizations need to take a considered and gradual approach, understanding that the responsibility to manage the security and compliance of their cloud deployments still lies firmly at their door. This demands a deeper understanding of cloud security controls and how they connect and interact with to on-premise security devices – which in turn demands holistic visibility across both cloud and on-premise environments, and automation of network security management processes.  

In the face of complex environments, a dearth of security staff, and an overall lack of cloud knowledge, organizations are turning to security tools, like AlgoSec’s Security Management Solution, to complement their workforce. Three of the top four benefits organizations look for in security management tools involve proactive detection of risks and automation. These types of tools can supplement the challenges many organizations are experiencing with lack of expertise and staff, as well as improve visibility as they move toward an ever-changing cloud environment. 

Read the full survey findings here.