Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/3/2019
05:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Multicloud Businesses Face Higher Breach Risk

A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.

More than half of firms running multicloud environments have been hit with a data breach in the past year, compared with 24% of hybrid cloud organizations and 24% of single-cloud users.

To gain a better understanding of how the public and private sectors are engaging with the $325 billion cloud market, researchers with Nominet polled 274 CISOs, CTOs, CIOs, and other professionals responsible for cybersecurity in large organizations across the US and UK. While 61% believe the risk of a breach is the same or lower in the cloud compared with on-prem environments, it seems there is a link between the number of clouds used and risk of attack.

The majority (71%) of respondents use software-as-a-service (SaaS) and 60% use infrastructure-as-a-service (IaaS). Fewer have moved to platform-as-a-service (PaaS) or business-process-as-a-service (BPaaS). Nearly half (48%) report their organizations uses a multicloud approach, and 24% use hybrid cloud. Only 29% of respondents use cloud services from one provider. Google Cloud was the most popular (56%), followed by IBM (49%), Oracle (44%), Microsoft Azure (36%), and AWS (32%).

Businesses using a multicloud approach are both more likely to have experienced a breach and more likely to have suffered multiple breaches: Sixty-nine percent of multicloud businesses report 11 to 30 breaches, compared with 19% of single-cloud organizations and 13% of hybrid cloud users.

Nominet vice president Stuart Reed points to a "tipping point" in terms of cloud adoption as more businesses consider the potential risks involved. Still, 69% remain moderately, very, or extremely worried about cloud security. Most fear cybercriminal sophistication and customer data exposure; other trepidations relate to increased attack surface, Internet of Things devices, and visibility.

These concerns no longer block cloud adoption as organizations recognize the cloud's potential to drive growth. "I think a lot of major SaaS applications are finding their way into enterprises as a matter of course now," he says. "We're beyond the point of people 'dipping their toe' in." Organizations are beyond using one cloud; now, more of them use at least two – if not more.

"There is a huge amount of choice out there in the market, from a cloud perspective," Reed says. "Organizations, generally speaking, have varied requirements depending on the project [they're] doing." A cloud service that works for one project may not work for another, for example, or have different geographical requirements. Companies' solution is to use several.

The higher likelihood of a breach for multicloud businesses has less to do with the security of each provider and more to do with heightened complexity. Each new cloud service increases the number of touch points onto a network, expanding opportunities for an attacker to get in.

"The traditional view of the network is becoming increasingly dissolved," he continues. "The network becomes broader, wider, and more significant. The need to be able to have a good level of visibility across that is highly important."

Navigating the Complexity of Cloud
For businesses working to secure existing multicloud environments, or those considering an additional cloud provider, Reed advises taking inventory of where assets reside and understanding the full breadth of the clouds. Knowing the implications of where data passes through and how it reaches other parts of the network or the Internet is important to achieve the level of visibility and understand what normal behavior looks like in the organization.

Nearly two-thirds of respondents (63%) already outsource cloud security to managed service providers, Nominet found. For organizations considering outsourcing, Reed emphasizes the importance of asking the right questions. Understand what they are able to offer and the security processes and procedures in place. This creates clarity between the supplier and organization in terms of what should happen when a breach is identified and how to mitigate it.

"It's the same level of diligence they need to apply to any supplier," he says.

Most (57%) respondents expect their cloud security budgets to increase, researchers found; the only industries where it's expected to lower are pharmaceuticals and hospitality. Budget increases could signify a more security-conscious organization, they report, or a response to an incident. Respondents are likely to believe cloud security budgets are increasing if their organization had been hit with a cyberattack in the 12 months prior.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: 'It Saved Our Community': 16 Realistic Ransomware Defenses for Cities.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff 9/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I wish they'd put a sock in it.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16691
PUBLISHED: 2019-09-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-16707
PUBLISHED: 2019-09-23
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
CVE-2019-16708
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16709
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16710
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.