It is estimated that over 90 percent of enterprises currently use a cloud service, and the market is projected to reach $927 billion by 2027. However, managing cloud infrastructure is complex, and complexity breeds vulnerability. This article takes a look at the security challenges and solutions that go hand-in-hand with cloud adoption.
A June 2021 study provided by OpsCompass, the 2021 State of Cloud Security Posture Management Report, provides a fascinating look into the top security priorities and challenges currently faced by IT professionals. The study indicates that finding ways to be more proactive is top of mind for IT and security teams, and multi- or hybrid-cloud infrastructure is at the heart of their concerns.
“Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security,” said John Grange, CTO and co-founder of OpsCompass.
To get ahead of security breaches, organizations are increasingly looking for real-time monitoring and detection of misconfigurations. Enhancing communications between DevOps, Security, and Compliance teams coupled with increased automation are proving to be the most effective steps businesses can take to reduce the risk of exposing sensitive data.
The OpsCompass survey queried 253 full-time, US-based IT professionals, mostly software developers, and engineers. These respondents deploy, develop, or manage cloud applications or infrastructure – 91 percent of whom are working with multi- or hybrid-cloud solutions. Nearly half of these professionals are concerned about visibility, misconfigurations, configuration drift, and an overall gap in cloud-management capabilities.
Given the number of breaches that are the direct result of misconfiguration and config drift (by far the vast majority), the percentage of professionals concerned with visibility into and control over these vulnerabilities should be much higher. This statistic may indicate a perceived security gap – the difference between the level of security an organization thinks it has and the level of protection it actually has.
OpsCompass asked questions related to the respondent’s understanding of Cloud Security Posture Management (CSPM). This relatively new sector includes the governance, monitoring, and remediation necessary to ensure all assets in and deployments to the cloud are safe. Although known by various names, 95 percent of the respondents were aware of these solutions and thought them very important. However, less than half are currently using a CSPM solution.
Indicating how important real-time monitoring and automation are; of the nearly 70 percent of respondents who said they have a high degree of confidence in their cloud security, over 70 percent said their confidence is derived from their ability to monitor their cloud in real-time. Over 50 percent said they automate as much as possible.
As businesses rely more on cloud infrastructure, it is critical that real-time monitoring and automation be a part of their security management strategy. There are plenty of threat actors actively looking for vulnerabilities to exploit; we cannot afford to make breaches easy by leaving data exposed due to a misconfiguration or config drift. CSPM can go a long way toward reducing the ever-growing number of data breaches.