The Cloud Security Alliance (CSA) and AlgoSec announced the results of a new study titled, “State of Cloud Security Concerns, Challenges, and Incidents.” The survey, which queried nearly 1,900 IT and security professionals from a variety of organization sizes and locations, sought to gain deeper insight into the complex cloud environment that continues to emerge and that has only grown more complex since the onset of the pandemic.
The survey found that over half of organizations are running 41% or more of their workloads in public clouds, compared to just one-quarter in 2019. In 2021, 63% of respondents expect to be running 41% or more of their workloads in public cloud, indicating that adoption of public cloud will only continue. Sixty-two percent of respondents use more than one cloud provider, and the diversity of production workloads (e.g., container platforms, virtual machines) is also expected to increase.
John Morgan, CEO at Confluera, says, "The move to the cloud has been ongoing at a rapid pace for some time. COVID-19 has accelerated the adoption for many but I don’t expect the adoption to slow down. In fact, as organizations change their business model for the long haul (remote workforce, distributed employees, virtual offices, etc…), I expect cloud adoption to play an even greater role. As the gap narrows between cloud adoption and IT resources to secure the cloud or hybrid environment, I expect more organizations to adopt a new class of cloud-based security solutions as they will be required to accelerate business, provide better user experiences, and create new security processes to keep with modern application development practices."
Key findings include:
- Security tops concerns with cloud projects: Respondents’ leading concerns over cloud adoption were network security (58%), a lack of cloud expertise (47%), migrating workloads to the cloud (44%), and insufficient staff to manage cloud environments (32%). It’s notable that a total of 79 percent of respondents reported staff-related issues, highlighting that organizations are struggling with handling cloud deployments and a largely remote workforce.
- Cloud issues and misconfigurations are leading causes of breaches and outages: Eleven percent of respondents reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%). When asked about the impact of their most disruptive cloud outages, 24 percent said it took up to 3 hours to restore operations, and for 26 percent it took more than half a day.
- Nearly one-third still manage cloud security manually: Fifty-two percent of respondents stated they use cloud-native tools to manage security as part of their application orchestration process, and 50 percent reported using orchestration and configuration management tools such as Ansible, Chef and Puppet. Twenty-nine percent said they use manual processes to manage cloud security.
- Who controls cloud security is not clear-cut: Thirty-five percent of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Other teams such as network operations, DevOps and application owners all fell below 10 percent, showing confusion over exactly who owns public cloud security.
Douglas Murray, CEO at Valtix, explains, "In 2020, spend on public cloud infrastructure exceeded on-prem for the first time. It is clear the cloud has won and is now achieving escape velocity. I don’t see a slowing anywhere on the horizon. The reality is that the public cloud is different than a traditional data center. The number one concern noted in the report was Network Security, so this is front of mind for all companies moving to cloud. The second largest concern noted in the report is how teams lack cloud expertise. The workforce is critical here as the move to the cloud requires a change in operations and indeed a change in culture."