The first challenge to the enterprise is the lack of visibility across access and connectivity. When environments have a mix of on-prem and cloud, a centralized view of “what is talking to what and who is talking to whom” seems unattainable. This often leads to guesswork or a reliance on legacy network rules to address new cloud environments.
Not surprisingly, there is a huge skills gap as cloud adoption far outpaces cloud expertise. New terminology, new ways of working, and new methodologies all contribute to people without the correct skill set making changes based on insufficient knowledge. Each security team is asked to do more with existing resources and skill sets.
And then there is human error. Gartner reports that through 2025, at least 99% of cloud security failures will be due to misconfigurations. This is not surprising when you consider the number and complexity of security controls.
Do I have a way to view all my public cloud assets, and understand what and whom they are configured to communicate with?
How do I evaluate access and connectivity settings on my cloud assets? Is it a manual, point-in-time process, or done continuously?
Can I view an application across all the assets and services it uses and communicates with, both in the cloud and beyond?
How do I ensure I’m not losing the agility I gained with cloud-native security controls, when combining them with more traditional security controls (like on-prem security products and cloud-deployed firewalls)?
How do I ensure continuous compliance with standardized policies across my hybrid environment?