Cloud Complexity Rattles Enterprise Security Efforts

More than 15 months after the pandemic-driven rush to remote work, enterprises are still paying the price for the faster-than-previously-planned migration to the cloud. According to the 2021 Thales Global Threat Report conducted by 451 Research, 82% of organizations maintain such concerns, especially when it comes to encrypting data stored in the cloud and the complexity of today’s cloud environments.

The report identified that half of those surveyed have more than 40% of their data stored in the cloud, yet only 17% of organizations have encrypted at least half of that sensitive data.

The report speculated that the survey results could indicate challenges in how enterprise data encryption policies are defined and implemented. According to 451 Research, while 45% of organizations have a centrally defined encryption policy, the technical standards and enforcement of that policy is handled by disparate teams dedicated to the specific cloud services they manage. “This likely represents a troubling potential shift in the profile of cloud security stakeholders, making them more aligned with engineering-type concerns over traditional security concerns,” the report stated.

Part of the challenge could also be the increased complexity of cloud environments. According to the study, about 53% of respondents used AWS as their cloud infrastructure provider, while 41% used Microsoft Azure. And there is significant overlap with Google Cloud, IBM Cloud, Oracle and Alibaba across organizations.

Also, most enterprises use dozens of SaaS applications, with 27% using more than 50 SaaS applications and 16% using between 51 and 100 SaaS applications. The number of platform-as-a-service (PaaS) providers in use was, not surprisingly, far fewer. Forty-four percent of organizations use two PaaS providers, while 21% use three.

All of these various cloud services increase encryption complexity. According to the report, the numerous services make it more difficult to not only manage the encryption itself, but also all of the associated encryption keys across providers, each of which takes their own approach to data encryption management. “Management complexity can be multiplied with each new cloud environment that’s added because each brings its own technology implementations, operational models and security tools,” the report said.

One way enterprises are trying to regain some control over their cloud systems is through tightened zero-trust access control strategies. The survey found 76% of respondents’ cloud strategy involves some level of zero-trust implementation, with 44% saying that zero-trust network access and software defined perimeter was the top technology to invest in during the pandemic months. That was quickly followed by cloud-based access management at 42% and conditional access at 41%.

Whether zero-trust strategies ultimately solve organizations’ security challenges remains to be seen, but one thing is certain–enterprises have to do something; nearly half (47%) of respondents say they have witnessed an increase in the volume, severity and scope of attacks in the past 12 months.

Secure Coding Practices