Orgs Still Struggling With Cloud Security

A dozen years ago, when organizations were still in the early stages of adopting cloud computing, the biggest obstacle was security. SMBs especially didn’t seem to understand what the cloud was, and were particularly stymied by the challenge of keeping information transmitted and stored in the cloud safe from data leakage.

Of course, that was also a time before smartphones and apps were ubiquitous in the workforce—and it was long before a pandemic changed the way the world worked. Cloud adoption today is mainstream across business operations; in 2021 nearly half of corporate data was stored in the cloud, according to Statista.

AWS Builder Community Hub

What’s keeping companies from an even higher rate of cloud migration and adoption? It’s the same old issue as it was a decade before—security worries. According to a study from Confluera, while almost all respondents said they want to expand cloud deployments, two-thirds said the biggest obstacle for that move is threats specifically targeting the cloud.

“Unlike the security concerns of a decade ago that focused on the architecture and design of the cloud services, today’s concerns are based on modern cyberthreats targeting—and, in some cases, leveraging the advantages of—the cloud to benefit the attack,” John Morgan, CEO at Confluera, said in an email interview. “While many organizations have security budgets and tools in place to secure endpoint devices and on-premises servers, very few have a similar focus on cloud services. They are challenged to identify whether existing tools and processes provide the necessary security coverage in the cloud.”

IT Teams Unprepared for Security Challenges

Even though organizations have adopted multiple cloud applications over the years, IT hasn’t caught up yet. In fact, Douglas Murray, CEO at Valtix, said the only hesitation to greater adoption is the ability of the IT and security teams to fully operationalize and secure at the speed with which the business requirements dictate. They must work with a patchwork of on-premises tools shifted to the cloud and provider-specific services that require new skills and processes, and that slows down business agility around security.

“Every public cloud platform requires its own approach to security, which is also different from the data center,” said Murray. “Cybersecurity leaders often lack knowledgeable enough staff to necessarily address cloud security the way it should in a single provider, much less across multiple clouds.”

Becoming More Comfortable With Cloud Security

Moving to the cloud is challenging for many organizations. IT and security teams will have to deal with protocols, processes and tools that were built around traditional application architectures that don’t necessarily translate well to the cloud. In turn, security doesn’t translate well, or threats aren’t as familiar or as well-understood as threats to the traditional infrastructure setup.

To become more comfortable with securing the cloud requires the ability to better assess the services in use (or those being considered) and the organization’s overall security readiness for the cloud.

“Not all cloud services are the same,” said Morgan. “IT security may have a good handle on the security measures taken for a specific cloud application. However, the security of servers and cloud workloads running on popular infrastructure-as-a-service (IaaS) platforms, such as AWS and Microsoft Azure, cannot be easily assessed by SOC analysts. The flexibility of cloud services to grow and shrink based on the needs of the business also makes it very difficult for analysts to assess their security exposure.”

Therefore, Morgan recommended that cloud and multi-cloud adoption strategies include the attention and budget for cloud security.

“Many organizations, having tried and failed, recognize that simple extension of traditional security measures and processes to the cloud simply doesn’t work,” Morgan stated. “The SOC analysts who are on the frontlines of cyberattacks should be brought in early to discuss and strategize the overall cloud security approach and architecture. Not doing so will result in adoption delays due to complications in security coverage or in some cases, due to breaches.”

Avatar photo

Sue Poremba

Sue Poremba is freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.

sue-poremba has 269 posts and counting.See all posts by sue-poremba