Amid the continued acceleration and focus on cloud initiatives as remote working turns into a necessity instead of a nice-to-have, it is always nice to get a helping of realism to accompany the hype.
The Cloud Security Alliance (CSA), in association with cloud security management provider AlgoSec, has done just that in its latest report. The study, ‘State of Cloud Security Concerns, Challenges, and Incidents’, polled almost 1,900 IT and security professionals across a variety of organisation sizes and locations.
The first clear finding was that organisations continue to move to complex cloud environments.
More than half (52%) of respondents said at least two fifths or more of their workloads (41%) were in public cloud environments as of last year. For the rest of 2021, this is predicted to rise to 61%. In terms of specific cloud providers, Amazon Web Services (AWS) just outbids Microsoft Azure with 67% to 65% share. Google Cloud (37%) is a distant third. These figures are not dissimilar trends to the Flexera State of the Cloud 2021 which was published last month; the needle is still moving to public and multi-cloud.
Like the Flexera, security continues to be the top challenge. This may not be too surprising given the report authors, but the data digs deeper into specific concerns. The CSA and AlgoSec study found respondents’ biggest issues were network security – cited by 58% of respondents – and a lack of cloud expertise (47%). One in three respondents (32%) noted there was insufficient staff to manage cloud environments.
In total, almost four in five (79%) of those polled reported staff-related issues. The CSA called this ‘notable’, and a clear indicator that organisations were struggling with handling cloud deployments and a largely remote workforce.
Another interesting comparison with the Flexera benchmark can be found in management. The Flexera report found a wide range of stakeholders managing cloud spend. In the majority of cases, a specific cloud team took charge, but stragglers, such as forecasting cloud costs, saw input from infrastructure and ops, as well as finance.
Looking at cloud security, the CSA and AlgoSec data again see a less-than-clear-cut path. 35% of respondents said their security operations team managed cloud security, followed by the cloud team (18%), and IT operations (16%). Yet wider stakeholders, from network operations, to DevOps, and even application owners, were cited. The CSA said this ‘showed confusion.’
The survey also asked whether organisations had suffered a cloud-related operational incident over the past 12 months. Only one in 10 (11%) said they had, remaining consistent with 2019 figures. Hold the bunting and celebrations, however; two in five (41%) said they were unsure – a significant uptick on two years previous – with a full quarter (27%) preferring not to answer.
Ultimately, the report’s keynote was around a general sense of confusion among organisations. This is not a new sensation – this publication has reported variously on how complexity breeds confusion – but cloud security tools which supplement the workforce are now the order of the day.
This chimes with the ecosystem John Morgan, CEO at cloud cybersecurity detection provider Confluera, sees. “As the gap narrows between cloud adoption and IT resources to secure the cloud or hybrid environment, I expect more organisations to adopt a new class of cloud-based security solutions as they will be required to accelerate business, provide better user experiences, and create new security processes to keep with modern application development practices,” Morgan told CloudTech.
You can download the full report here (pdf, email required).
Want to find out more about topics like this from industry thought leaders? The Cloud Transformation Congress, taking place on 13 July 2021, is a virtual event and conference focusing on how to enable digital transformation with the power of cloud.