7 Biggest Cloud Security Blind Spots
Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
August 15, 2019
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt20893ed784067106/64f0d5415375e50157203d9d/1.jpeg?width=700&auto=webp&quality=80&disable=upscale)
Cloud computing is evolving from a viable option for delivering IT services to the de facto standard. According to the "2019 Public Cloud Trends" report, from the Enterprise Strategy Group (ESG), the use of infrastructure-as-a-service environments has shot up in the past eight years, from 17% of organizations to 58%, and a full 39% of organizations report they take a cloud-first mentality to all of their technology deployments.
It's a boon for innovation, for sure, but security organizations continue to struggle keeping up with the constant changes in cloud technology, architecture, and use cases. Many of the biggest challenges they face have to do with visibility. In a recent report from the Cloud Security Alliance, three-quarters of companies with assets in the public cloud cited lack of visibility as a major challenge.
Here are some of the biggest cloud security blind spots that cause these visibility woes.
Cloud computing is evolving from being
a viable option for delivering IT services to being the
de facto standard. According to research from the Enterprise Strategy Group (ESG)
2019 Public
Cloud Trends
report, the use of infrastructure
-
as
-
a
-
service environments has shot up in the last
eight years from 17% of organizations to 58% and a full 39% of o
rganizations report that they
take a cloud
-
first mentality to all of their technology deployments. It's a boon for innovation, but
security organizations continue to struggle keeping up with the constant changes in cloud
technology, architecture, and use c
ases. Many of the biggest challenges they face have to do with
visibility. One
recent report
from Cloud Security Alliance shows that more than three
-
quarters of
companies
with assets in public cloud named lack of visibility as a major challenge. Here are
some of the biggest cloud security blind spots that cause these visibility wo
Cloud computing is evolving from being
a viable option for delivering IT services to being the
de facto standard. According to research from the Enterprise Strategy Group (ESG)
2019 Public
Cloud Trends
report, the use of infrastructure
-
as
-
a
-
service environments has shot up in the last
eight years from 17% of organizations to 58% and a full 39% of o
rganizations report that they
take a cloud
-
first mentality to all of their technology deployments. It's a boon for innovation, but
security organizations continue to struggle keeping up with the constant changes in cloud
technology, architecture, and use c
ases. Many of the biggest challenges they face have to do with
visibility. One
recent report
from Cloud Security Alliance shows that more than three
-
quarters of
companies
with assets in public cloud named lack of visibility as a major challenge. Here are
some of the biggest cloud security blind spots that cause these visibility wo
Forget about "shadow IT" or "rogue IT." Tech-buying patterns that have line-of-business stakeholders buying and managing cloud assets are now unblinkingly referred to as "business-managed IT" by many organizations that see it as a driver for innovation. So says the "Harvey Nash/KPMG CIO Survey 2019," which reports over two-thirds of organizations today either encourage or allow business-managed IT. That's because companies that do so are 52% more likely to beat competitors to market and 38% more likely to provide positive employee experience.
The trouble is that without collaboration from IT or cybersecurity pros, these silos of cloud technology can become huge security blind spots for organizations. These same organizations innovate faster, but the survey also shows they're twice as likely to have multiple areas of security risk exposures.
Misconfiguration of Internet-as-a-service (IaaS) and cloud data stores is the leading cause of some of the most damaging cloud breaches and data exposures today. Whether it's from turning off default security settings standardized by cloud providers, using default passwords, allowing unrestricted access to certain services, or something else, misconfiguration problems introduce a raft of hidden risks that are frequently uncovered in the headlines only after an embarrassing incident. According to the recent "2019 Cloud Security Report," some 40% of organizations say misconfiguration of cloud platforms is their top cybersecurity concern.
According to a recent report from the Cloud Security Alliance, some 55% of organizations run complex cloud computing environments that operate with a hybrid architecture. Such a setup offers a great way for large organizations to transition gradually to the cloud, but it introduces security visibility challenges as organizations struggle to track assets across the entire architecture and monitor activity across a complex myriad of hybrid cloud connections. In fact, a report out earlier this year from Firemon shows 80% of organizations are challenged by the limitations and complexity of tools used for monitoring and managing security across hybrid environments.
The Cloud Security Alliance report shows even more organizations are engaging in multicloud purchasing, relying on cloud environments from numerous providers. Approximately 66% of organizations have multicloud environment, and about 36% rely on a combination of both multicloud and hybrid technologies.
This further muddies the water for security professionals. "The problem for security professionals is that security models and controls vary widely across providers, are often poorly documented, and are completely incompatible," wrote Rich Mogull, analyst for Securosis and vice president of product for cloud security firm DisruptOps. "Anyone who tells you they can pick up on these nuances in a few weeks or months with a couple training classes is either lying or ignorant. It takes years of hands-on experience to really understand the security ins and outs of a cloud provider."
The use of containerized workloads and container orchestration is skyrocketing in the cloud as organizations leverage the ephemeral flexibility and scalability of containerization to feed the rapid improvements of continuous integration/continuous delivery (CI/CD) in software development. But new platforms like Kubernetes are introducing new classes of misconfigurations and vulnerabilities to cloud environments faster than security teams can even wrap their arms around how container technology works. According to recent research by AimPoint Group on behalf of StackRox, 40% of organizations today remain at the planning or basic stages of security strategy for container environments, and an additional 19% still have no strategy at all.
Cloud computing is evolving from a viable option for delivering IT services to the de facto standard. According to the "2019 Public Cloud Trends" report, from the Enterprise Strategy Group (ESG), the use of infrastructure-as-a-service environments has shot up in the past eight years, from 17% of organizations to 58%, and a full 39% of organizations report they take a cloud-first mentality to all of their technology deployments.
It's a boon for innovation, for sure, but security organizations continue to struggle keeping up with the constant changes in cloud technology, architecture, and use cases. Many of the biggest challenges they face have to do with visibility. In a recent report from the Cloud Security Alliance, three-quarters of companies with assets in the public cloud cited lack of visibility as a major challenge.
Here are some of the biggest cloud security blind spots that cause these visibility woes.
Cloud computing is evolving from being
a viable option for delivering IT services to being the
de facto standard. According to research from the Enterprise Strategy Group (ESG)
2019 Public
Cloud Trends
report, the use of infrastructure
-
as
-
a
-
service environments has shot up in the last
eight years from 17% of organizations to 58% and a full 39% of o
rganizations report that they
take a cloud
-
first mentality to all of their technology deployments. It's a boon for innovation, but
security organizations continue to struggle keeping up with the constant changes in cloud
technology, architecture, and use c
ases. Many of the biggest challenges they face have to do with
visibility. One
recent report
from Cloud Security Alliance shows that more than three
-
quarters of
companies
with assets in public cloud named lack of visibility as a major challenge. Here are
some of the biggest cloud security blind spots that cause these visibility wo
Cloud computing is evolving from being
a viable option for delivering IT services to being the
de facto standard. According to research from the Enterprise Strategy Group (ESG)
2019 Public
Cloud Trends
report, the use of infrastructure
-
as
-
a
-
service environments has shot up in the last
eight years from 17% of organizations to 58% and a full 39% of o
rganizations report that they
take a cloud
-
first mentality to all of their technology deployments. It's a boon for innovation, but
security organizations continue to struggle keeping up with the constant changes in cloud
technology, architecture, and use c
ases. Many of the biggest challenges they face have to do with
visibility. One
recent report
from Cloud Security Alliance shows that more than three
-
quarters of
companies
with assets in public cloud named lack of visibility as a major challenge. Here are
some of the biggest cloud security blind spots that cause these visibility wo
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024