While increased cloud adoption and awareness of cloud-specific security issues are a good thing, tools sprawl was a dampener: survey

In a Nov–Dec 2022 survey of more than 2,500 C-level executives in seven locations (USA, Australia, Germany, France, Japan, Singapore, and the UK) to understand trends and preferences in cloud adoption strategies and various outcomes, a cybersecurity firm has noted that 90% of respondents indicated that they did not have the ability to detect, contain and resolve cyber threats within one hour.

More than 50% of the respondents hailed from enterprise-sized organizations (over US$1B in annual revenue). Respondents were split evenly between executive leadership and practitioner-level roles. Practitioner-level respondents were restricted to those who worked in development, IT or information security functions.

With this backdrop disclosed, the survey results showed the following trends among respondents:

    1. Close to 50% indicated that their workforce did not understand their security responsibilities.
    2. 76% indicated that using multiple security tools created blind spots that affected their ability to prioritize risk and prevent threats.
    3. 80% indicated they would benefit from a centralized security solution that sits across all of their cloud accounts and services.

The survey report authors have made the following generalizations about cloud migration and security:

    • The surge in hybrid work arrangements had driven organizations to expand their use of clouds by more than 25%, likely making application security more complex, and putting pressure on security teams to keep pace — and raising cyber security risk levels.
    • Of those security teams admitting to not being able to curb threats within an hour, a majority believed they needed to improve their underlying measures: from gaining visibility into multiple clouds; to applying more consistent governance across accounts; to streamlining incident response and investigation.
    • Respondents’ top concerns remained unchanged from a similar survey in 2020: struggles with comprehensive security, compliance, and technical complexity. Some 78% of respondents had distributed responsibility for cloud security to individual teams, but 47% indicated that “a majority” of their workforce did not understand their security responsibilities
    • A greater need for code-to-cloud security was indicated by 81% of respondents: As more applications are being built in the cloud using off-the-shelf software, any vulnerability in the development process could compromise an entire application later on. Respondents were encouraging a deeper level of engagement between application developers and security tools and teams.
    • Tool sprawl needs to be minimized: With around 75% of respondents struggling to identify which security tools were necessary to achieve their objectives, many implemented numerous single point solutions. The average respondent indicated using more than 30 security tools, including six to 10 tools dedicated to cloud security. Some 76% of respondents reported that using this excess of security tools created blind spots that affected their ability to prioritize risk and prevent threats, and 80% indicated benefits if a centralized security solution was used across all of their cloud accounts and services.

According to Ankur Shah, Senior Vice President, Prisma Cloud, Palo Alto Networks, which commissioned the survey: “No one can afford to overlook the security of cloud workloads. As cloud adoption and expansion continue, organizations need to adopt a platform approach that secures applications from code to cloud across multi-cloud environments.”