Many IT pros remain concerned with the risk of data loss and leakage in the cloud, according to a new survey from AlgoSec.
In a survey commissioned by AlgoSec and conducted by the Cloud Security Alliance, security was the top worry among the 700 IT professionals polled. A full 81% expressed significant concerns about security when moving data to a public cloud platform. The risk of sensitive customer or personal data being lost or leaked was cited as the biggest security fear.
Respondents pointed to specific security concerns when running applications in the public cloud. Those concerns included unauthorized access to cloud-based data, infiltration of more sensitive areas of the network (either in the cloud or on premises), data corruption, outages due to Denial of Service attacks, and the abuse of resources (e.g., cryptomining).
Ideally, using a cloud provider should alleviate some of the internal effort involved in managing applications and other assets. But IT pros still need to manage security in the public cloud, and that task carries its own challenges. Proactively detecting misconfiguration and security risks with public cloud vendors was the top obstacle cited in this area.
Respondents also pointed to other public cloud security challenges, including a lack of visibility into the entire cloud estate, compliance and preparation for audits, managing both cloud and on premises environments, managing a multi-cloud environment, and a lack of expertise in cloud-native security.
The survey also posed questions about multi-cloud environments. Yes, using multiple providers reduces the reliance on a single provider. But a multi-cloud environment adds certain challenges as well.
Among the respondents, 66% said they rely on several cloud providers, with 35% reporting that they use three or more providers. To add to the complexity, organizations may use both public and private clouds. A full 55% of those polled said they use a hybrid cloud environment with at least one public and at least one private cloud. Some 35% said they use a combination of a multi-cloud and hybrid cloud environment.
“As companies of all sizes are taking advantage of the value of the cloud with its improved agility and flexibility, they are also facing unique new security concerns, especially when integrating multiple cloud services and platforms into an already complex IT environment,” John Yeoh, global vice president of research for Cloud Security Alliance, said in a press release. “The study findings demonstrate how important it is for enterprises to have holistic cloud visibility and management across their increasingly complex hybrid network environments in order to maintain security, reduce the risk of outages and misconfigurations, and fulfill audit and compliance demands.”
How to improve cloud provider security
To tackle some of the risks and challenges in using cloud providers, AlgoSec served up a few recommendations.
1. Build in security and compliance
Cloud providers now offer tools for managing security and compliance, many of which meet certain industry and government regulations. As such, IT pros should available themselves of these native tools.