Steve Zurier | scmagazine.com »
Valtix on Wednesday released research that found while the vast majority of respondents plan on making multi-cloud a strategic priority in 2022 with security being top of mind, only 54% say they are highly confident they have the tools or skills they need to fully execute.
The survey, based on more than 200 IT leaders in the United States, also found that 51% have resisted moving to multiple cloud platforms because of the added security complexities, even though some 92% understand that at some point the business will demand it. Another 82% say that the complexities of implementing and managing multiple cloud platforms have slowed down business agility — a factor that could lead to new security incidents in the future.
“These findings demonstrate that security is actually holding back the business in terms of its needs,” said Douglas Murray, CEO at Valtix. “As an industry, we must solve for this complex problem. When security slows down the business, it inevitably gets bypassed. That’s when breaches are most likely to happen.”
It’s not surprising that a majority of IT leaders are concerned about multi-cloud expansion given they are frequently expected to address cloud security concerns without having the tooling to do that job in a secure, efficient way, said Tim Bach, vice president of engineering at AppOmni. Whether they focus on security monitoring for the major cloud infrastructure providers, or the increasingly more complex security needs for the dozens of SaaS platforms their businesses rely on, Bach said CIOs and CISOs are expected to manage security controls and monitoring for an increasing number of clouds that house more and more sensitive data and critical business processes.
“While cloud infrastructure security concerns have been well-known and discussed for years, properly securing SaaS data is becoming more challenging each day,” Bach said. “To help IT and security leaders feel confident in their ability to support an organization’s multi-cloud expansion, those teams need to have purpose-built, automated security solutions that stay current with the updates and nuances of each SaaS application. Security technologies that can alert and educate in-house security practitioners about potential issues and suggest ways to solve them will continue to be the most scalable solution to this problem.”
Enterprises shouldn’t have an issue with using multiple cloud solutions in deploying and operating their applications, said Saryu Nayyar, CEO at Gurucul. Certainly it’s easier on the IT staff and SOC to have a single view into all cloud environments, but Nayyar said staff should feel comfortable with small variations in security policies and views across cloud providers.
“Organizations should get used to life with a multi-cloud strategy, if warranted by their applications,” Nayyar said. “While the details of cloud security may have some minor variations, it shouldn’t be difficult to develop procedures that span the range of clouds. For those who have not yet implemented a multi-cloud strategy, it is time to do so, even if you’re still on a single cloud for the moment.”
Despite the recent rapid adoption of cloud services, many organizations recognize the different security requirements between cloud services, said John Yun, vice president of marketing at Confluera. It should come as no surprise that many organizations are hesitant to adopt multi-cloud architecture because of security concerns, despite the obvious business benefits. Yun added that he thinks in today’s industry, 51% is an extremely optimistic view.
“Majority of organizations are resisting multi-cloud adoption due to the security concerns and complexities,” Yun said. “Organizations today are struggling to provide consistent security coverage across all their environments, on-premise and cloud. Accounting for different security requirements of each cloud environment on top of the current challenge presents itself is a Herculean task. Ramping up on one cloud service and leveraging its unique capabilities further complicates the task of expanding to a multi-cloud environment. It’s critical for organizations to leverage security solutions designed specifically for the cloud that can grow with the organization needs including multi-cloud environments.”