SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Hybrid cloud security big concern for business leaders
Fri, 24th May 2019
FYI, this story is more than a year old

Modern hybrid cloud and multi-cloud environments offer numerous benefits to businesses, however many are also encountering significant challenges and risks especially when it comes to security, according to a new study from the Cloud Security Alliance (CSA) commissioned by AlgoSec.

Surveying 700 IT and security professionals, the study identified four key areas of concern when it comes to hybrid cloud and multi-cloud offerings, including public cloud, private cloud and the use of more than one public cloud platform. These areas of concern and risk around adoption and security were configuration and visibility problems, human error and outages, cloud compliance and legalities, and general security concerns.

According to the study, 81% of cloud users said they had concerns around security when it came to data losses and leakages (cited by 62%), regulatory compliance (57%), and integration with the rest of the organisations' IT environment (49%).

When it came to outages, 11.4% of those surveyed reported a cloud security incident in the past year and 42.5% a network or application outage, with respondents noting that human error and configuration mistakes are the biggest cause. With management of devices, device configuration changes and device faults, operational and human errors were the two leading causes at 20%, 15% and 12% respectively.

In order to gauge how easy or difficult IT and security professionals found managing the security of their public cloud, the survey respondents were asked to rank different aspects from biggest to smallest challenge. Respondents put proactively detecting misconfigurations and security risks as the biggest challenge (3.35), a lack of visibility into the entire cloud estate as second (3.21), audit preparation and compliance third (3.16), holistic management of cloud and on-prem environments fourth (3.1), and managing multiple clouds (3.09) as the fifth and least significant challenge.

Cloud Security Alliance global vice president of research John Yeoh says in order to mitigate these risks, businesses need to take a proactive and holistic approach when it comes to their cloud security.

He says, “As companies of all sizes are taking advantage of the value of the cloud with its improved agility and flexibility, they are also facing unique new security concerns, especially when integrating multiple cloud services and platforms into an already complex IT environment.

“The study findings demonstrate how important it is for enterprises to have holistic cloud visibility and management across their increasingly complex hybrid network environments in order to maintain security, reduce the risk of outages and misconfigurations, and fulfil audit and compliance demands,” Yeoh says.

AlgoSec CMO Jeffrey Starr says in a hybrid cloud landscape visibility and security management become 'mission critical'.

He says, “There is no one-size-fits-all cloud deployment model: organisations are choosing to adopt and use cloud resources in the way that suits their business needs. But this cloud flexibility also creates many security challenges for today's enterprise. Irrespective of how they choose to use cloud resources, end-to-end visibility across the networks is critical to meet security and compliance obligations. Robust network security management and automation become increasingly mission critical."

"We see organizations moving to automate security management across native cloud, multi-cloud, and hybrid network estates, driving agility while ensuring continuous security for next-generation enterprise environments,” he says.

The CSA is a non-profit organisation that promotes security in the cloud. AlgoSec is a provider of business-driven network and cloud security management solutions.