Hybrid Environments Add to Complexity, Security Considerations in Enterprise Networks, Study Finds

Share and earn Cybytes
Facebook Twitter LinkedIn Email

We know the adoption of cloud and cloud-based tools is growing rapidly, but a new survey helps quantify the growth.

According to the Cloud Threat Report 2019 commissioned by Oracle and KPMG, businesses that hold “more than 50% of their data in any public cloud” has nearly doubled in the last year. Moreover, the survey indicates that number is likely to double again over the next 12 months.

Specifically, the survey found the rate of growth around that particular measure of cloud adoption grew from just 14% in 2018 to 23% in 2019. Moreover, respondents estimated that number will climb to 49% by 2020.

This is not a casual migration either. Businesses are putting valuable data in the cloud. Some 71% of respondents said “the majority of their cloud-resident data is sensitive” – a 21% increase from the same survey last year.

Yet the cloud transformation also brings new concerns for cybersecurity. IT infrastructures are already complex, and the survey surfaced the rising challenges of maintaining security in hybrid environments with a mix of both cloud and on-prem infrastructure.

Here are some of the findings that stood out to us:

1) Confusion over cloud security responsibilities.

The report places the question of cloud security in a model of shared responsibility. For example, the enterprise, or end customer, have higher levels of responsibility in subscribing to infrastructure-as-a-service (IaaS) than they do in platform-as-a-service (PaaS) or in software-as-a-service (SaaS). Yet in all cases, the customer maintains at least some obligation – so it’s a shared responsibility.

The survey shows that enterprises may not fully understand the differences. For example, when the survey asked about shared responsibility for each category, the answers stacked up like this:

·       54% said they understand their security responsibilities in SaaS;

·       43% said they understand their security responsibilities in PaaS;

·       46% said they understand their security responsibilities IaaS; and

·       18% said they fully understand the shared responsibly security model.

The confusion raises the risk level because no one is looking if each party – customer and vendor – thinks the other one is accountable. The report made three observations about this finding:

First, “the less [security] the customers are responsible for, the more they’re confused about their obligations.”

Second, some CIOs may have a better level of understanding about shared security responsibilities than some CISOs. “Only 10% of the CISOs in this year’s research fully understand the shared responsibility security model, compared with 25% of CIOs who report no confusion.”

And third, this confusion has real consequences. For example, about one-third of respondents (34%) indicated the confusion over cloud security “has led to the introduction of malware”

2) Security’s visibility into the cloud is the top challenge.

You can’t protect what you can’t see, which is why visibility is an important challenge with which security teams wrestle as their organization increasingly adopt the cloud. For example, when asked “What are the biggest cybersecurity challenges currently experienced by your organization today?” cloud visibility was at the top of the list.

Here’s the breakout of the answers:

·       33% said detecting and reacting to security incidents in the cloud;

·       29% said the lack of skills and qualified staff;

·       27% said the lack of alignment between security and IT operations teams;

·       26% said the unauthorized use of cloud services; and

·       24% said the lack of visibility across our data center and endpoint attack surface.

“CISOs are particularly aware of the cloud security visibility gap,” according to the report. It noted 38% cited “the inability of network security controls to provide visibility into public cloud workloads as their top cloud security challenge.”

This idea was also reflected in separate qualitative research compiled into a book by cybersecurity analyst Richard Stiennon. In an interview about his book for the Bricata blog, Mr. Stiennon noted leaders in large enterprise moving to the cloud, “realized that they can’t just replicate the data centers and the security around it, that they’ve been building for the last 20 years.”

>>> Read the full post with the remaining findings here: Study Highlights Key Cloud Security Considerations as Hybrid Environments Add Complexity to Enterprise Networks

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform into a comprehensive threat detection and prevention solution to help determine the true scope and severity threats. Bricata simplifies network threat hunting by identifying hidden threats using specifically designed hunting workflows that use detailed metadata provided clearly and eases your transition from the known to unknown malicious activities in conjunction with an advanced threat detection and prevention platform which detects zero-day malware conviction.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?