Confluera on Thursday reported that 97% of IT leaders surveyed say that their technology strategy includes the expansion of cloud deployments.
Despite this expanded cloud adoption, the new research said this strategy has come with its challenges, as 63% identified cyberthreats designed to target cloud services as the leading obstacle to their cloud strategy. And 65% say cloud infrastructure as a service (IaaS) adoption of leading platforms such as AWS, Azure and the Google Cloud Platform was the primary contributor to their increased workload in 2021.
Of the 200 IT leaders surveyed, only about 50% of respondents say that they are adequately staffed to manage the frequency of alerts they receive. IT teams spend 54% of their time investigating security alerts, with over half of those alerts turning out to be false or benign alarms.
It’s interesting that the adoption of cloud services was the biggest contributor to increased IT security workloads, ahead of supporting remote access and workers, said John Morgan, CEO at Confluera. Morgan said with the change in work model, many organizations had prioritized the security related to the use of endpoint devices, personal devices and unknown networks.
“With many organizations across industries accelerating and expanding their cloud deployments, the new finding is an important data point for them to consider,” Morgan said. “Their cloud strategy must account for the additional security resources and dedicated tools, without which they are almost guaranteed to experience disruptions and delays to their deployment plans. Not to mention increasing the potential for breaches.”
The Confluera survey confirms that security professionals understand that a holistic approach to cloud security requires exploring new approaches and methodologies, said Gadi Naveh, cyber data scientist at Canonic. Naveh said security leaders are on the lookout for a fresh perspective of cloud security that spans managed infrastructure and third-party services, enabling an in-depth understanding of cloud service consumption and risk-related insights.
“These third-party services can help to automate and offload tasks at scale, enabling infosec teams to keep up with changing business requirements,” Naveh said. “On the flipside, while third-party services empower developers to drive growth and productivity across business units, these capabilities also introduce new risks, which need to be addressed and contextualized throughout the organization.”
Adam Gavish, co-founder and CEO at DoControl, said given the upswing in multi-cloud adoption across all major cloud categories, it's not surprising that organizations are struggling to reduce the noise of false positives: it’s like finding anomalies in an environment that’s fundamentally anomalous.
“Cloud security in this landscape is becoming more and more decentralized, and the more decentralized your cloud estate is, the more false positives you are likely to experience,” Gavish said. “There’s also the challenge of IT and security teams being stretched thin. There's a very real shortage in security professionals in the market. The hasty changes that were made to support remote work on the heels of the pandemic adds even more complexity. All of these swirling issues coupled together create significant challenges for businesses leveraging cloud.”