Survey highlights need for additional cloud security expertise
There’s an old maxim that says you can’t manage what you can’t see. That has never been truer than when it comes to cloud computing environments. That lack of visibility, however, also creates opportunities for managed service providers (MSPs) to fill that void.
A survey of over 2,000 IT and security professionals, conducted by the Cloud Security Alliance (CSA) on behalf of Dazz, finds that well over three-quarters (77 percent) lack full transparency into their cloud computing environments.
Not surprisingly, organizations find cloud security to be difficult to both attain and maintain. For example, well over a third (38 percent) estimate that 21-40 percent of their code contains vulnerabilities. Meanwhile, 19 percent estimate 41-60 percent of their code contains vulnerabilities. Another 13 percent estimate they have vulnerabilities in 61-80 percent of their code.
Remediating those vulnerabilities remains a significant challenge for most organizations. On average, organizations are dealing with a queue of 55 security vulnerabilities per day, of which one to three are typically critical. Teams can address only 270 vulnerabilities within a month, meaning many of these vulnerabilities roll over day after day. In general, there are four phases to remediation, with each phase requiring between three and six hours. It is easy to see how some organizations with limited resources can reach a point where they never catch up. The report notes that more than half of the vulnerabilities that have been remediated recur within a month. This is often because the root cause was never properly addressed.
Challenges and opportunities in cloud security
Overall, 22 percent dedicate less than 20 percent of their budget to cloud security, compared to 31 percent that allocate 21-40 percent of their budget and 27 percent that invest 41-60 percent of their budget in securing cloud environments.
Just under 75 percent of respondents noted security teams spend more than 20 percent of their time performing manual tasks when addressing security vulnerabilities. That is despite 83 percent reporting that they use at least some automation in their remediation process. A full 61 percent also noted that their organization is using three to six different detection tools, with nearly half (45 percent) considering increasing their security budgets in 2024. So, it’s probable many will be adding tools. However, less than a quarter (24 percent) said they feel very prepared for the cybersecurity threats their organization faces.
Less than a third (30 percent) said there is a good working relationship between the application development teams that typically provision cloud computing environments and the cybersecurity teams that are usually held accountable for maintaining cloud security.
There’s still much work to do regarding cloud security. The challenge for MSPs is convincing prospective customers that they are better equipped to manage these tasks for organizations that simply lack the expertise, tools, processes, and resources required to do it on their own. Fortunately, a growing body of research is making it clear to everyone affected that we need a fundamentally different approach to securing cloud computing environments. It has become clear that cyberattacks are only going to continue to increase in terms of both volume and sophistication.