Organisations struggling to manage complexity of securing cloud infrastructure
As organisations continue to adopt the cloud, with 35% running more than 50% of their workloads on the likes of Azure, AWS and GCP, they struggle to manage the complexity of securing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage.
That's the findings of the latest 2022 Cloud Security Report from Check Point Software, based on a survey of 775 cybersecurity professionals.
The global report also revealed that cloud security incidents were up 10% from the previous year with 27% of organisations now citing misconfiguration, way ahead of issues like exposed data or account compromise.
Organisations are struggling to bring security into the DevOps cycle, compounded by a skills shortage witnessed by 45% of companies. Only 16% of respondents said they had comprehensive DevSecOps in place and 37% were just starting to implement DevSecOps into their cloud application development process.
While perceived cost savings and ease of use were the original drivers for using cloud vendor security, there is an increasing realisation that the complexity of managing three or four different security platforms argues in favour of an independent cloud security solution to streamline security across all cloud platforms. In fact, 54% of those surveyed thought that an independent security vendor would be better suited to their needs than the cloud platform provider. A key consideration in making the decision between cloud native and a third-party security vendor was a potential reduction in complexity provided by an integrated solution, cited by 56% of respondents.
Further adding to the complexity of multi-cloud security, respondents ranked ensuring data protection and privacy for each environment at 57%, having the right skills to deploy and manage a complete solution across all cloud environments at 56%, and understanding service integration options at 50%.
There is also an increasing need to deploy application protection in the cloud with this capability going up by 11% in the last year to become the 3rd highest area of focus, quoted by 53% of the survey sample. According to the report, 57% of respondents say that they expect to run more than half their workloads in the cloud within the next 12 to 18 months and, of those, some 76% were using two or more cloud providers.
As the move to the cloud gathers pace, the ability to streamline cloud security becomes vital, as 75% of organisations are in favour of a single unified security platform with single dashboard, where they can configure all the policies needed to protect data in the cloud. Currently 80% have to juggle three, or more separate security solution dashboards to configure their enterprise cloud footprint.
"It is clear from this independent survey that security teams are finding the increased reliance on the cloud a bit of a challenge," says
TJ Gonen, VP of Cloud Security at Check Point.
"Faced with the skills shortage, organisations need to do everything they can to simplify their cloud security management," Gonen says.
"An integrated third-party solution that covers all cloud platforms with a single management dashboard would relieve much of the pressure and reduce the risk of increasingly common misconfigurations, while also reducing workloads and providing the security environment to develop, deploy and manage applications in the cloud.
"This was the key driver for Check Point to develop its CloudGuard cloud security suite."