The COVID 19 pandemic has accelerated the migration to cloud applications.The cloud spending increased by 37% ($29 billion) in the first quarter of 2020. With the increased usage comes the increased risk. To wit, the world has witnessed a sharp rise in cyberattacks ever since the beginning of the pandemic.
Research conducted by Dimensional Research for Tripwire this year found gaps and challenges companies were facing across sectors, especially in multi-cloud environments. The primary goal of the research was to understand approaches and challenges to the security of cloud infrastructure. As many as 73% of respondents currently operate in a multi-cloud environment, and 98% of security professionals reported that relying on multiple cloud services created additional security challenges.
Amazon Web Services and Microsoft Azure dominated the list of the most used cloud services (at 66-82% of respondents using either AWS or Azure). Google cloud dropped from 28% in 2020 to 24% in 2021. IBM saw a slight uptick while Oracle remained stagnant.
Security challenges
The study suggested that multi-cloud environments made it more challenging to secure a network. The report found visibility as an important gap for professionals dealing with multiple providers. Only 21% had a centralised view of the organisation’s policy compliance. Models of responsibility between service providers and the customers were not lucid enough, where 75% of respondents relied on tools provided by third parties to secure their cloud ecosystem.
According to the Verizon data breach investigations report, 30% of data breaches involved inside actors. Cloud infrastructure is accessible from the public internet, making it difficult and time-consuming to detect suspicious insiders.
Report suggests that only 7% of professionals have good visibility when it comes to how employees use critical business data across organisation-owned and employee-owned devices and services, whereas 58% had moderate to slight visibility. Lack of visibility is a big risk for cloud with insider threats and cyberattacks, as mentioned above.
The ease and ability to collaborate and share data even with external individuals increases the risks of data breaches. Data sharing on Cloud is done through links and direct email invites, enabling anyone with access to the link to access stored information and undersecured cloud deployments may further aggravate these issues.
The multi-cloud gap
With work from home becoming the norm, many firms migrated from old legacy systems to the cloud. It is difficult to get multi-cloud systems right and secure, and a more manual cloud integration process makes it easier for errors to take place, exposing application, data and network segments. Multi-cloud hybrid ecosystems are seen to be risky and challenging to any IT infrastructure.
“Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organisations are finding it increasingly difficult to secure the perimeter,” Tim Erlin, VP of product management and strategy at Tripwire, said.
The experience with multi-clouds varies depending on the expertise of the team across multiple platforms. An average firm relies on 53 different platform services that are beyond basic computing and storage, according to the Bain Technology Report 2020. Organisations are already struggling to hire, develop and retain the talent needed to operate cloud infrastructures securely, and we are talking about several hybrid multi-clouds here.
Also read: Attrition Rate In Indian IT Industry Is At An All-Time High
The hasty migration to cloud has resulted in development projects not fully addressing security issues and dependencies before their deployment. The hackers are well aware of the emerging vulnerabilities. Meanwhile, rapidly emerging public clouds may not be equipped to handle cyber threats as they trade security for speed. This is not to say that cloud computing has let its users down in the past one and half years, but experts say it is “barely adequate”.
