Multi-cloud automation company CloudBolt on Wednesday reported that 68% of IT leaders surveyed by the company say their organization’s skillset was only “somewhat mature” across all clouds.
The report also found that 72% believe their companies moved to the cloud without properly understanding the skills, maturity curve, and complexity of securing their own cloud environments.
A mere 8% say their company had implemented "highly-operationalized" cloud security practices while spinning up new compute resources and environments - though the vast majority (83%) did say they have "somewhat" done so.
Generally, organizations struggle to sufficiently bake security into their cloud adoption process, said Dan Benjamin, co-founder and CEO at Dig Security. It's more alarming when considering the potential for rapid scale as organizations mature and adopt hybrid or multi-cloud strategies.
“Doing this with limited security skills is a recipe for disaster, especially when you consider how much business data is migrated to the cloud during the adoption process and beyond,” Benjamin said. “Operationalizing cloud data security practices should be a corporate mandate. However, it’s clear that this isn't happening.”
Davis McCarthy, principal security researcher at Valtix, added that architectural nuances like on-premise network and a software-defined network in the cloud are often understated. Companies that think the cloud is a push-button product to scale the business or improve security often realize they need designated resources to develop these solutions.
“Medium-sized organizations that adopt the cloud for agility may stretch their technical staff too thin, exposing that management’s expectations didn’t align with reality,” McCarthy said. “Post-migration, tools are purchased to close gaps, but it eventually circles back to needing a designated resource to manage the cloud.”