Of the 73% of security professionals with responsibility for the security of public cloud who operate in a multi-cloud environment, 98% think these more complex environments pose greater security challenges, a survey conducted for Tripwire by Dimensional Research reveals.
Organizations have a wide range of reasons for going multi-cloud, including meeting varying business needs, running certain applications, distributing risk, taking advantage of cost savings, and to provide redundancy in the event of downtime. In the industrial space specifically, organizations are twice as likely to use a multi-cloud approach to manage risk.
“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter.”
Best practice security frameworks (59%) and configuration standards (78%) are widely adopted, but the application of such best practices is somewhat less consistent, with only 38% saying these are used across the cloud environment. What’s worrying is that only 21% of respondents said they have a centralised view of their organisation’s security posture in relation to the cloud.
Three quarters of respondents also said they rely on third party security providers and tools to secure their cloud environment, and admitted that the licensing models offered by cloud providers aren’t always clear when it comes to security responsibilities. Most (98%) would like to see specific security improvements on the part of cloud providers, including communicating security issues faster and following consistent security frameworks.
Finding a more unifying model to secure cloud services was another theme that emerged, with 77% of respondents saying they would prefer their existing security services to be extended to the cloud, rather than having to adopt a separate, cloud only solution.
“For most security professionals, managing a multi-cloud environment is a fairly new and somewhat ambiguous part of their day to day,” added Erlin. “Fortunately, there are well established frameworks and solutions that exist to help fill in the gaps and ensure organizations don’t have to rely solely on their cloud providers to secure their environment.”
Organizations have come to realize that cloud providers don’t offer the tools they need to fully secure their systems, and as a result, are taking matters into their own hands. In the last year, Tripwire said they have seen an increase in the number of companies doing real-time assessments of their cloud security posture and a slight increase in the level of enforcement automation, both positive indications that companies are taking the necessary steps to harden their cloud environments.