Two years of pandemic-forced remote work has shown how much organizations depend on cloud computing. Employees want to work at home, convinced they are more productive from a remote office than at the office.
The great demand for remote work means greater reliance on the cloud. Studies show that by 2025, total data storage globally will be more than 200 zettabytes (or 200 trillion gigabytes) and at least half of that will be stored somewhere in the cloud.
The more data stored in the cloud, the more important cloud security becomes. In fact, according to a new study from Check Point, cloud security incidents are up 10% from the previous year, with 27% of respondents now citing misconfiguration as the top security challenge, way ahead of issues like exposed data or account compromise.
“It is clear from this independent survey that security teams are finding the increased reliance on the cloud a bit of a challenge,” Tsion (TJ) Gonen, head of cloud product line at Check Point Software, said in a statement.
To meet that challenge, organizations are rethinking their cloud security priorities. According to the study, those priorities are: Automation, preventing misconfigurations, securing cloud apps, attracting and retaining qualified staff and achieving regulatory compliance.
Cloud Security Priorities
This is how Gonen explained the drivers behind these security priorities in an email interview:
“With the shift of moving workloads to the cloud—35% of respondents said they have at least 50% of workloads in the cloud, with that number predicted to jump to 75% over the next year—more and more organizations need to deploy application protection in the cloud.
The Check Point survey also found that organizations are embracing more agile software development methodologies and prioritizing ways to build security that can keep up with the cloud. Almost two-thirds of respondents have already integrated their DevOps toolchain into cloud deployments, yet organizations are still struggling with the lack of expertise that bridges security and DevOps. As the number of misconfigurations increases, addressing DevOps security and the need for security skills among developers is a top priority for improving cloud security.
Also, it’s no surprise that the majority of respondents cited the need for a single cloud security platform with a single dashboard where they could configure all of the policies needed to protect data consistently and comprehensively across their cloud footprint. Currently, users are spread across multiple cloud platforms. Managing data and applications across multiple platforms makes meeting compliance regulations extremely difficult.
The Skills Shortage
The skills shortage continues to challenge organizations’ ability to meet their security needs. In fact, 45% of the Check Point respondents cited lack of qualified staff as their biggest day-to-day headache in trying to protect cloud workloads.
It’s a cloud security concern that was echoed in research conducted by Siriux (acquired by Vectra) where it was found that less than 20% of enterprise security teams had the skills and resources to detect cloud security incidents.
“What our research indicates, when combined with Check Point’s research, is that cloud security incidents are most likely going undetected. If we take a look at the large-scale incidents reported by DHS and NSA alerts, the broad applicability of the cloud attack tools makes it very easy to find vulnerable cloud environments and rapidly exploit weak default configuration settings,” Aaron Turner, vice president, SaaS posture at Vectra, said in an email comment.
Faced with the skills shortage, organizations need to do everything they can to simplify their cloud security management. This is why automation is going to lead the way as the top cloud security priority going forward.
“The one mega trend and cloud priority that everyone should be looking at is automation,” said Gonen. “Your application developers are automating everything. It started with shifting left in automating pipelines, but now the cloud, by definition, automates infrastructure.”
And this drive to automation is the security priority that will keep business operations running as other security concerns are addressed.