As public cloud adoption has doubled in the last two years, a survey from CSA shows that 58 percent of respondents are worried about cloud security, with misconfigurations being one of the leading causes of breaches and outages.
The Cloud Security Alliance (CSA) and AlgoSec released a new study report titled, “State of Cloud Security Concerns, Challenges, and Incidents.”
The survey, which polled approximately 1,900 IT and security professionals from a wide range of companies and locations, aimed to obtain a better understanding of the dynamic cloud world that has emerged and only become more complex since the pandemic began.
According to the survey, more than half of companies are running 41% or more of their workloads in public clouds, up from just 14% in 2019. Further, the survey reported that 63% of respondents plan to run 41% or more of their workloads in the public cloud by 2021, suggesting that cloud adoption will continue. 62% of respondents use multiple cloud providers, and production workload diversity (e.g., container systems, virtual machines) is expected to grow.
Commenting on the development, John Morgan, CEO at Confluera, said, “The move to the cloud has been ongoing at a rapid pace for some time. COVID-19 has accelerated the adoption for many but I don’t expect the adoption to slow down. In fact, as organizations change their business model for the long haul (remote workforce, distributed employees, virtual offices, etc…), I expect cloud adoption to play an even greater role. As the gap narrows between cloud adoption and IT resources to secure the cloud or hybrid environment, I expect more organizations to adopt a new class of cloud-based security solutions as they will be required to accelerate business, provide better user experiences, and create new security processes to keep with modern application development practices.”
Key findings of the survey report include:
* Security tops concerns with cloud projects: Respondents’ leading concerns over cloud adoption were network security (58%), a lack of cloud expertise (47%), migrating workloads to the cloud (44%), and insufficient staff to manage cloud environments (32%). It’s notable that a total of 79 percent of respondents reported staff-related issues, highlighting that organizations are struggling with handling cloud deployments and a largely remote workforce.
* Cloud issues and misconfigurations are leading causes of breaches and outages: Eleven percent of respondents reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%). When asked about the impact of their most disruptive cloud outages, 24 percent said it took up to 3 hours to restore operations, and for 26 percent it took more than half a day.
* Nearly one-third still manage cloud security manually: Fifty-two percent of respondents stated they use cloud-native tools to manage security as part of their application orchestration process, and 50 percent reported using orchestration and configuration management tools such as Ansible, Chef and Puppet. Twenty-nine percent said they use manual processes to manage cloud security.
* Who controls cloud security is not clear-cut: Thirty-five percent of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Other teams such as network operations, DevOps and application owners all fell below 10 percent, showing confusion over exactly who owns public cloud security.