Cybersecurity is the Biggest Obstacle to Cloud Adoption

As organizations tackle their migrations to the cloud, IT professionals believe cyberthreats aimed at the cloud represent the biggest obstacle to continued adoption.

This was one of the key findings of a Confluera survey of 200 IT leaders, which also revealed that IT security departments are already overburdened as they navigate cloud security issues. 

Only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive.

The transition to cloud and multi-cloud environments was also a primary contributor to their increased workload in 2021, with the process of maintaining consistent cybersecurity coverage across all cloud infrastructures cited as a major challenge. 

Multi-Cloud and Scale Issues Strain Cybersecurity Teams

Not only is cloud deployment expanding in scale, but it’s also expanding across platforms such as AWS, Google Cloud and Azure. 

Nearly 45% of respondents identified the difficulty of detecting threats progressing from one cloud infrastructure to another as a major challenge. Cost and budget constraints were cited by slightly more than one-fifth of respondents. 

Vishal Jain, co-founder and CTO at Valtix, said the findings of the report came as no surprise. 

“Security in the cloud is different than security in the data center,” he said. “Unfortunately, many organizations are only now catching up to that reality.”

He added that while having solutions that reduce alert noise certainly can help, one of the biggest causes of breaches in a dynamic environment like cloud is lack of visibility and control over workload connectivity.

“Specifically, public cloud connectivity between workloads is relatively open,” Jain said. “Add in open paths to the public internet and the risk of a breach as a result of this control gap is significant.”

Gadi Naveh, cyber data scientist at Canonic Security, said the survey confirmed what security professionals understand: A holistic approach to cloud security requires exploring new approaches and methodologies.

“Security leaders are always on the lookout for a fresh perspective on cloud security that spans managed infrastructure and third-party services, enabling an in-depth understanding of cloud service consumption and risk-related insights,” he said.

Naveh added that these third-party services can help to automate and offload tasks at scale, enabling infosec teams to keep up with changing business requirements.

“On the flip side, while third-party services empower citizen developers to drive growth and productivity across business units, these capabilities also introduce new risks,” he said. “These will need to be addressed and contextualized throughout the organization.”

Adam Gavish, co-founder and CEO at DoControl, added that when one considers the upswing in multi-cloud adoption across all major cloud categories (ie. IaaS, PaaS, and SaaS), it’s not surprising that organizations are struggling to reduce the noise of false positives.

“It’s like finding anomalies in an environment that is fundamentally anomalous,” he said. “Cloud security in this landscape is becoming more and more decentralized, and the more decentralized your cloud estate is, the more false positives you are likely to experience.”

Meanwhile, 85% of survey respondents said that they experienced an increased workload due to the shifts in working models, including remote workers, and nearly seven in 10 said the change in working models made it more difficult to keep company resources secure.

Gavish agreed there is also the challenge of IT and security teams being stretched thin, pointing to the acute shortage of cybersecurity professionals in the market.

“The hasty changes that were made to support remote work on the heels of the pandemic adds even more complexity,” he said. “All of these swirling issues coupled together create significant challenges for businesses leveraging cloud.”  

From his perspective, the more an organization can centralize security solutions across disparate cloud technologies, the more likely it is that organization can successfully prevent and report on the issues that present a material risk to the business.

“We are seeing this in the merging of mature sectors like CASB, DLP and SSPM, with newer point solutions that provide centralization in a more lightweight offering,” he said.

Gavish explained this not only improves security in the general sense, but it also creates operational efficiencies for the IT and security teams.

“They can now focus their attention on more mission-critical tasks than having to sift through the haystack of false positives,” he said. 

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.

nathan-eddy has 243 posts and counting.See all posts by nathan-eddy