SUSE Survey Surfaces Multiple Cloud Security Challenges
A survey of 501 IT professionals based in the U.S., United Kingdom and Germany published today found that, on average, organizations were impacted by four cloud-related security incidents in the past year. A majority (88%) noted that if they were certain the integrity of their data could be assured, they would migrate more workloads to the cloud.
The resulsts, announced at the SUSECON 2023 event, revealed that, on average, more than a third (35%) of respondents’ workloads today are deployed in a cloud computing environment.
Overall, the survey found 88% of respondents experienced at least one cloud security incident over the last 12 months,and 76% of those respondents were impacted by multiple incidents. A total of 11% reported having more than 10 issues over the last year.
Respondents identified data stores hosted by cloud or third parties as their top cloud security concern (31%).
The survey also found there is a major shift underway in terms of the percentage of the security budget being allocated to cloud-native application environments. On average, survey respondents said they now spend just over a third (36%) of their overall IT budget on cloud-native security.
In addition, the survey also found that adoption of security automation and container firewalls has been implemented by 38% of respondents, followed closely by security policies and management tools provided by cloud vendors (36%) and security policy automation (34%).
A full 95% of respondents also noted their organization will be reviewing their software supply chain to increase security with 51% having already conducted a previous review. Primary areas of focus included source code auditability (33%), build quality (30%) and software bill of materials (SBOM) depth / quality/ security (28%).
Despite all these challenges, the survey also found 86% of respondents believed their team has the right skills and/or tools to detect and fix security gaps.
Brent Schroeder, global CTO for SUSE, said most IT and cybersecurity professionals tended to be overly optimistic when it came to assessing their readiness to combat cybersecurity threats but investment in cloud security technologies makes it clear there is a greater appreciation for the challenges involved.
Many organizations mistakenly attempted to lift and shift legacy cybersecurity technologies into the cloud only to discover that cloud security is substantially different, he added. IT and cybersecurity professionals would be well-advised to be realistic about the skill sets they currently have, especially if they don’t have purpose-built cloud security tools and platforms in place, noted Schroeder.
In fact, organizations should be implementing zero-trust approaches to cybersecurity that validate access requests before trusting them, versus accepting access requests that they then attempt to verify, added Schroeder.
There’s clearly much work to still be done when it comes to cloud security, but it’s also apparent that progress is being made. The challenge is making sure that, as the number of workloads deployed in the cloud increases, the appropriate tools and processes are in place to secure them. Otherwise, the probability of one or more unwelcome cybersecurity incidents becomes all but inevitable.
