About a decade ago, organizations were hesitant to adopt cloud solutions, with many citing security concerns.
Fast forward to 2019, and 81% of organizations have a multi-cloud strategy, spurred on by the desire for increased flexibility, usage-based spending and desire to respond to market opportunity with greater agility. In fact, organizations are embracing cloud solutions so much so that Gartner predicts that by 2022, the public cloud services market will grow by 17.5% in 2019 alone; by 2022, the total market will be $331.2B.
According to the Gartner report, of the different segments within the cloud services market, Platform-as-a-service (PaaS) and Infrastructure-as-a-Service (IaaS) are growing the fastest. IaaS is projected to reach $38.9B in 2019, up from $30.5B in 2018 — a 27.5% growth. Similarly, PaaS is projected to grow by 21.8%. This appears to be a sustained trend as more than a third of all organizations regard cloud investment as a top three investment priority.
However, due to organizational structures, many times the cybersecurity team does not have exclusive responsibility for driving the adoption of cloud solutions or DevOps tools and are often not engaged in deciding which cloud solutions or DevOps solutions to adopt and deploy.
A recent GitLab study showed that while 69% of developers recognize that they are expected to write secure code, 49% of security professionals say it is a challenge getting developers to make vulnerability remediation a priority. Thus, many IT cybersecurity departments struggle to ensure that cloud adoption is not undertaken at the expense of security. This common dynamic leads to security gaps in organizations.
For example, Vitagene, Inc. a DNA-testing service exposed thousands of client health reports online for years. This breach involved 3,000 user records that were publicly available on AWS for several (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Onyeka Jones. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/best-practices-security-teams-cloud/