'Disconcerting' Survey Report Reveals Cloud Security Warnings

"Despite always being near the top on the list of things that keep executives up at night, the reality around cloud security paints a disconcerting picture," says CloudBolt Software about its new survey-based report.

Titled "'Sometimes, Somewhat' Security -- A Disconcerting Look at the Reality of Hybrid Cloud/Multi-Cloud Vulnerabilities," the report is based on a survey of 350 IT experts around the world (director-level and above) from primarily large enterprises with more than 5,000 employees, with the company saying it provides a critical look into the beliefs, challenges and misconceptions associated with securing cloud environments.

"Fully 75 percent of respondents say that cloud computing represents the single greatest expansion of the enterprise attack surface in the last 20 years!" the report said. "And nearly 3 out of 5 respondents agree that moving to the cloud has made their enterprises less secure."

Survey results backing up that statement include:

  • 72 percent believe their companies moved to the cloud without properly understanding the skills, maturity curve and complexities of making it all work securely.
  • 68 percent said their organization's security skill set across all clouds was only "somewhat mature."
  • Only 8 percent of respondents confirmed they had implemented highly operationalized cloud security practices when spinning up new compute resources and environments; 83 percent say that they have "somewhat" done so.
  • Only 6 percent of respondents say that their companies automatically build security into every workload up front; 51 percent say they do it "sometimes."

The oft-cited and longrunning skills shortage is a prime factor contributing to key findings that point to a worrisome cloud security posture among many organizations. As Virtualization & Cloud Review has reported time and time again, the skills gap has long plagued organizations across many areas, especially affecting cloud computing in general and cloud security in particular.

"Respondents primarily attributed shortfalls in cloud security at the user level to a growing multi-cloud skills gap and over-reliance on cloud-native security and monitoring tools," said a news release issued last week by the company, which has been covered in research reports about cloud management platforms by Gartner.

Data points backing up that skills gap assertion include:

  • 56 percent of respondents cited "depth of native cloud skill sets/expertise" as a top security concern.
  • 29 percent pointed to a "lack of talent with deep security expertise" as an issue.
The Good and the Bad
[Click on image for larger view.] The Good and the Bad (source: CloudBolt Software).

On the positive side of things, most respondents agree that their organizational leadership is facing the problem head on. CloudBolt summed up all of the above in a Good and Bad graphic, illustrated above. Along with the good and the bad, the company published another graphic that it deemed "head scratch-worthy:"

Head Scratch-Worthy
[Click on image for larger view.] Head Scratch-Worthy (source: CloudBolt Software).

"What is the real state of cloud security?" the company asked in its conclusion. "Our study shows that it's somewhat and sometimes good, which by any measure can't be good enough when compared to any other type of enterprise security. In the exuberance to move everything to the Cloud and be CloudFirst, true cloud security appears to have been marginalized and, in its place, 'good enough security' suffices in day to day practice. While corporations feel like their executives and boards have done whatever is necessary to ensure secure clouds, the actual practice of cloud security appears to be falling short. Time will tell if companies will be able to shore things up as their hybrid cloud/multi-cloud practices mature."

About the Author

David Ramel is an editor and writer for Converge360.


Subscribe on YouTube