SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cloud tech developing faster than businesses can manage, FireMon finds
Tue, 3rd Mar 2020
FYI, this story is more than a year old

Public and hybrid cloud infrastructure environment is growing in complexity, and lacks automation and a lack of resources to effectively respond to demands.

This is based on FireMon's new 2020 State of Hybrid Cloud Security Report, which sheds light on the current cloud security landscape.

The report states that while enterprises rapidly transition to the public cloud, complexity is increasing. Furthermore, visibility and team sizes are decreasing while security budgets remain flat. This poses a significant obstacle to preventing data breaches, FireMon states.

Enterprises are increasingly transitioning to public and hybrid cloud environments. As they do, their network complexity continues to grow and create security risks, the report states.

Meanwhile, they are losing the visibility needed to protect their cloud systems, which was the biggest concern cited by 18% of C-suite respondents, who now also require more vendors and enforcement points for effective security.

In addition, the report found that business acceleration has outpaced effective security implementations.

Nearly 60% believed their cloud deployments had surpassed their ability to secure the networks in a timely manner. This number was virtually unchanged from 2019, showing no improvement against a key industry progress indicator.

The number of vendors and enforcement points needed to secure cloud networks are also increasing; 78.2% of respondents are using two or more enforcement points. This number increased substantially from the 59% using more than two enforcement points last year.

Meanwhile, almost half are using two or more public cloud platforms, which further increases complexity and decreases visibility, according to the report.

Meanwhile, enterprises have less resources to effectively address issues that arise. In fact, the report shows that despite increasing cyberthreats and ongoing data breaches, respondents reported a substantial reduction in their security budgets and teams from 2019.

These shrinking resources are creating gaps in public cloud and hybrid infrastructure security, according to FireMon.

There was a 20.7% increase in the number of enterprises spending less than 25% on cloud security from 2019; 78.2% spend less than 25% on cloud security (vs. 57.5% in 2019). Meanwhile, 44.8% of this group spent less than 10% of their total security budget on the cloud.

Furthermore, many organisations trimmed the size of their security teams 69.5% had less than 10-person security teams (compared to 52% in 2019). The number of 5-person security teams also nearly doubled with 45.2% having this smaller team size versus 28.5% in 2019.

Misconfigurations are exacerbated by lack of automation and third-party integration, FireMon's report finds. Cloud misconfigurations due to human-introduced errors is the top vulnerability for data breaches.

Even so, 65.4% of respondents are still using manual processes to manage their hybrid cloud environments.

On misconfigurations, almost a third of respondents said that this and human-introduced errors are the biggest threat to their hybrid cloud environment. Still, 73.5% of this group are still using manual processes to manage the security of their hybrid environments.

FireMon finds that better third-party security tools integration is needed. The report shows that the lack of automation and integration across disparate tools is making it harder for resource-strapped security teams to secure hybrid environments.

As such, 24.5% of respondents said that not having a centralised or global view of information from their security tools was their biggest challenge to managing multiple network security tools across their hybrid cloud.

FireMon VP of technology alliances Time Woods says, “As companies around the world undergo digital transformations and migrate to the cloud, they need better visibility to reduce network complexity and strengthen security postures.

“It is shocking to see the lack of automation being used across the cloud security landscape, especially in light of the escalating risk around misconfigurations as enterprises cut security resources.

"The new State of Hybrid Cloud Security Report shows that enterprises are most concerned about these challenges, and we know that adaptive and automated security tools would be a welcomed solution for their needs.

The company states that harnessing automated network security tools, robust API structures and public cloud integrations, enterprises can gain real-time control across all environments to minimise challenges created by manual processes, increasing complexity and reduced visibility.

Automation is also the antidote to shrinking security budgets and teams by enabling organisations to maximise resources and personnel for their most strategic uses, according to FireMon.

The 2020 State of Hybrid Cloud Security Report features insights from more than 500 respondents, including 14% from the executive ranks, detailing cloud security initiatives in the era of digital transformation.