- Published: Wednesday, 31 March 2021 10:17
The Cloud Security Alliance (CSA) and AlgoSec have announced the results of a new survey, the ‘State of Cloud Security Concerns, Challenges, and Incidents’. The study, which queried nearly 1,900 IT and security professionals from a variety of organizational sizes and locations, sought to gain deeper insight into the cloud environment which has grown more complex since the onset of the pandemic.
The survey found that over half of organizations are running 41 percent or more of their workloads in public clouds, compared to just 25 percent in 2019. In 2021, 63 percent of respondents expect to be running 41 percent or more of their workloads in public clouds, indicating that adoption of public cloud will only continue. 62 percent of respondents use more than one cloud provider, and the diversity of production workloads (e.g. container platforms, virtual machines) is also expected to increase.
Key findings include:
- Security tops concerns with cloud projects: Respondents’ leading concerns over cloud adoption were network security (58 percent), a lack of cloud expertise (47 percent), migrating workloads to the cloud (44 percent), and insufficient staff to manage cloud environments (32 percent). It’s notable that a total of 79 percent of respondents reported staff-related issues, highlighting that organizations are struggling with handling cloud deployments and a largely remote workforce.
- Cloud issues and misconfigurations are the leading causes of breaches and outages: 11 percent of respondents reported a cloud security incident in the past year with the three most common causes being cloud provider issues (26 percent), security misconfigurations (22 percent), and attacks such as denial of service exploits (20 percent). When asked about the impact of their most disruptive cloud outages, 24 percent said it took up to 3 hours to restore operations, and for 26 percent it took more than half a day.
- Nearly one-third still manage cloud security manually: 52 percent of respondents stated they use cloud-native tools to manage security as part of their application orchestration process, and 50 percent reported using orchestration and configuration management tools. 29 percent said they use manual processes to manage cloud security.
- Who controls cloud security is not clear-cut: 35 percent of respondents said their security operations team managed cloud security, followed by the cloud team (18 percent), and IT operations (16 percent). Other teams such as network operations, DevOps and application owners all fell below 10 percent, showing confusion over exactly who owns public cloud security.