Underinvestment in Multi-Cloud Security a Pressing Concern

Although the vast majority of businesses are making multi-cloud a strategic priority in 2022 and keeping security top-of-mind, many feel they lack the tools and skills needed to execute on these plans. 

In fact, additional security complexities have prevented IT leaders from moving to multiple cloud platforms, even though the majority of organizations know that at some point, their business growth will demand it.

These were among the findings of a survey of more than 200 IT leaders in the U.S., commissioned by Valtix, which also revealed 96% of IT leaders said their job would be easier if they had one console view through which to manage their security across multiple clouds.

Meanwhile, 82% of respondents said they agree that the complexities of implementing and managing multi-cloud security have slowed down business agility.

Multi-Cloud Security is ‘Underinvested’

When it comes to multi-cloud operations in general, more than three-quarters (76%) of respondents said they believe it is “underinvested” at their respective companies.

Tim Bach, vice president of engineering at AppOmni, said it was not surprising that most IT leaders are concerned about multi-cloud expansion, given they are frequently expected to address cloud security concerns without having the tooling to do that job in a secure, efficient way.

“Whether their focus is on security monitoring for cloud infrastructure providers such as Google Cloud, AWS and Microsoft Azure, or the increasingly more complex security needs for the dozens of SaaS platforms their businesses rely on, CIOs and CISOs are expected to manage security controls and monitoring for an increasing number of clouds that house more and more sensitive data and critical business processes,” he said. 

Bach explained that while cloud infrastructure security concerns have been well-known and discussed for years, properly securing SaaS data is becoming more challenging each day.

“Given the large number of SaaS platforms used by the average enterprise, the dynamic nature of SaaS, and the lack of standardization across platforms, security teams can’t realistically monitor all permissions and configurations manually, or even maintain the required level of expertise across all of them in-house,” he said. 

Bach said in order to help IT and security leaders feel confident in their ability to support an organization’s multi-cloud expansion, those teams need to be empowered with purpose-built, automated security solutions that stay current with the updates and nuances of each SaaS application.

“Security technologies that can alert and educate in-house security practitioners about potential issues and suggest ways to solve them will continue to be the most scalable solution to this problem,” he added. 

The survey also indicated the direction cloud adoption is taking, with 62% of organizations already adopting multi-cloud and 84% of those that aren’t yet on multi-cloud expecting to be within two years.

Investment in cloud security is also on the rise, with 83% of companies surveyed committing additional budget to multi-cloud security in 2022: On average, these companies plan to increase those budgets by 47%.

However, less than half (48%) of respondents said they feel highly confident that every application workload in their public cloud accounts is known, and just 55% said they feel highly confident they have network or host-based security deployed across all their public cloud accounts and the app workloads that run there.

Kevin Dunne, president at Pathlock, pointed out that, more than ever, companies are feeling pressure to adopt a multi-cloud solution to provide great resiliency and flexibility to the business.

Lost in Transmission

“Multi-cloud comes with benefits when it comes to key cloud pain points like unexpected outages or increasing costs to renew cloud services,” he said. “But while multi-cloud may provide business benefits, it does increase security risk.”

This is due in part to the fact that when multiple clouds are in place, they must be able to communicate with each other, which introduces the risk of data being lost during transmission.

Additionally, many of the security solutions built into the providers themselves only work on their own cloud, so organizations can lose sight of any user behavior or risk as it traverses cloud environments.

There is also increased effort required for security professionals to understand each different cloud provider and the tools available to them on each platform.  

Dunne said customers who are adopting multi-cloud environments must invest in best-of-breed tools that offer interoperability and normalization across these various cloud environments.  

“Solutions to manage these platforms must not only integrate to these cloud platforms but also provide the ability to understand and react to threats across the cloud landscape via a standardized interface,” he said. “When the right security tooling is in place, it is possible to adopt a multi-cloud environment and reap the business benefits of the solution without taking on unnecessary risk.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
