Radware on Wednesday reported that some 70% of companies surveyed are “not confident” in their ability to apply consistent security across on-premises and multi-cloud environments.
The survey also found that 69% admitted they knew about breaches or exposures because of variations in multi-cloud security configurations. And, less than half of organizations trust their security staff to maintain a strong security posture.
“It’s a major problem that’s exposing companies to inherent security risks — and they recognize it,” said Haim Zelikovsky, vice president of cloud security services at Radware. “Combined with the eroding trust in public cloud security and cybersecurity staff, skilled talent shortages, and lack of visibility across cloud environments, you have a perfect storm for data breaches.”
Claude Mandy, chief evangelist, data security at Symmetry Systems, said it remains challenging for organizations operating in multi-cloud and hybrid-cloud environments to understand the slight nuances and differences between each cloud — in particular their security settings and features. Mandy said the continuous release of new, and sometimes unique, security features and nuanced configuration settings from each cloud service provider further complicates the ability to drive consistent security across clouds.
“Although these nuances and inconsistencies may indicate differing security postures per cloud, sadly, it is primarily misconfigurations that could have been prevented that have resulted in real-world impacts to organizations,” Mandy said. “As we have seen from a vast array of public data breaches, the misconfigurations have commonly been due to misconfigured privileges to data.”
John Yun, vice president, product strategy at ColorTokens, added that cyberthreats will continue to follow the direction of market growth, and that’s no different for the cloud.
“The industry has experienced rapid adoption and change of mindset towards multi-cloud environments in the past two years,” Yun said. “It should be no surprise for cyber threats to start targeting multi-cloud environments, identifying the weakest link or/and navigating between different cloud environments.”
Darren Guccione, co-founder and CEO at Keeper Security, said the No. 1 challenge when managing identities across multiple clouds is the lack of visibility. Guccione said when IT leadership has to manage identities across multi-cloud environments, those environments don’t automatically thread together with disparate technology solutions.
“Visibility across and within the entire technology stack is essential to protect, connect and monitor security vulnerabilities and threats,” Guccione said. “As multi-cloud infrastructure becomes implemented, the level of cyber risk, if not managed and mitigated correctly, actually increases exponentially. Thus, it’s imperative that technologies protecting these environments provide enterprise-wide visibility, security and control over every user, on every device as they transact with every website, application and system in the organization.”