73% of organisations currently operate in a multi-cloud environment, but those responsible for these types of complex environments overwhelmingly (98%) report that relying on multiple cloud providers creates additional security challenges.
That’s according to the research conducted by Tripwire that evaluated cloud security practices across enterprise environments in 2021.
Conducted by Dimensional Research in June, the survey evaluated the opinions of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organisation.
Organizations have a wide range of reasons for going multi-cloud, including meeting varying business needs, running certain applications, distributing risk, taking advantage of cost savings, and to provide redundancy in the event of downtime. In the industrial space specifically, organizations are twice as likely to use a multi-cloud approach to manage risk.
“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter.”
The majority (59%) have configuration standards for their public cloud and use best practice security frameworks (78%), but only 38% of framework users apply them consistently across their cloud environment. Not to mention, only 21% have a centralized view of their organization’s security posture and policy compliance across all cloud accounts. Most also noted that shared responsibility models for security between cloud service providers and their customers are not always clear – three quarters rely on third-party tools or expertise to secure their cloud environment.
Additionally, the survey examined ongoing concerns of security professionals responsible for cloud infrastructure:
- When it comes to managing their cloud environment, most organizations rely/relied on existing security teams to complete training or self-teach, but only 9% of those surveyed would categorize their internal teams as experts.
- Overall, customers want cloud providers to increase security efforts. Most (98%) would like to see specific security improvements, including communicating security issues faster and following consistent security frameworks.
- And 77% prefer their existing security service extends into the cloud rather than finding a separate cloud-only solution.
“For most security professionals, managing a multi-cloud environment is a fairly new and somewhat ambiguous part of their day to day,” added Erlin. “Fortunately, there are well established frameworks and solutions that exist to help fill in the gaps and ensure organizations don’t have to rely solely on their cloud providers to secure their environment.”
Organizations have come to realize that cloud providers don’t offer the tools they need to fully secure their systems, and as a result, are taking matters into their own hands. In the last year, Tripwire says it has seen an increase in the number of companies doing real-time assessments of their cloud security posture and a slight increase in the level of enforcement automation, both positive indications that companies are taking the necessary steps to harden their cloud environments.