The Cloud Security Alliance and AlgoSec have announced the results of a new study titled, “State of Cloud Security Concerns, Challenges, and Incidents.”
The survey, which queried nearly 1,900 IT and security professionals from a variety of organization sizes and locations, sought to gain deeper insight into the complex cloud environment that continues to emerge and that has only grown more complex since the onset of the pandemic.
The survey found that over half of organizations are running 41 percent or more of their workloads in public clouds, compared to just one-quarter in 2019.
In 2021, 63 percent of respondents expect to be running 41 percent or more of their workloads in public cloud, indicating that adoption of public cloud will only continue.
Sixty-two percent of respondents use more than one cloud provider, and the diversity of production workloads (e.g., container platforms, virtual machines) is also expected to increase.
Key findings include:
Security tops concerns with cloud projects
Respondents’ leading concerns over cloud adoption were network security (58%), a lack of cloud expertise (47%), migrating workloads to the cloud (44%), and insufficient staff to manage cloud environments (32%). It’s notable that a total of 79 percent of respondents reported staff-related issues, highlighting that organizations are struggling with handling cloud deployments and a largely remote workforce.
Cloud issues and misconfigurations are leading causes of breaches and outages
Eleven percent of respondents reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26%), security misconfigurations (22%), and attacks such as denial of service exploits (20%). When asked about the impact of their most disruptive cloud outages, 24 percent said it took up to 3 hours to restore operations, and for 26 percent it took more than half a day.
Nearly one-third still manage cloud security manually
Fifty-two percent of respondents stated they use cloud-native tools to manage security as part of their application orchestration process, and 50 percent reported using orchestration and configuration management tools such as Ansible, Chef and Puppet. Twenty-nine percent said they use manual processes to manage cloud security.
Who controls cloud security is not clear-cut
Thirty-five percent of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Other teams such as network operations, DevOps and application owners all fell below 10 percent, showing confusion over exactly who owns public cloud security.
AlgoSec commissioned the survey to add to the industry’s knowledge about hybrid-cloud and multi-cloud security. Sponsors of CSA research are CSA Corporate Members, who support the findings of the research project but have no added influence on content development nor editing rights. The report and its findings are vendor-agnostic and allow for global participation.
