According to a new survey of IT decision makers, despite the critical need for cloud-based applications, almost half (49%) of businesses believe cloud apps make them a target for cyberattacks. Only unprotected infrastructure such as Internet-of-Things (IoT) devices (54%) and web portals (50%) rated higher levels of concern among the surveyed respondents.
Software-as-a-Service (SaaS) makes applications widely available to a range of cloud customers. Migration to SaaS and other cloud-based compute and services platforms allows organizations to quickly spin up resources, adopt new applications, and respond in real time to end user and consumer demands. This helps them to compete effectively in today’s digital marketplace. Indeed, in just a few years,
over 80% of enterprises have adopted two or more public cloud infrastructure providers, and nearly two-thirds are using three or more.
While the business advantages are significant, this rapid migration is also introducing complexities and risks for which few organizations have adequately prepared. The repercussions are exacerbated by a widening cybersecurity skills gap, coupled with cybercriminals becoming more capable of exploiting vulnerabilities than ever before. Following are a few of the challenges that unchecked cloud adoption has introduced:
- Because of their ease-of-adoption, organizations are finding that cloud-based applications and services are piling up—making them increasingly difficult to manage and secure.
- Organizations also have poor visibility into what services are being used, where corporate information is being stored, who has access to it, and what security strategies are in place to protect it.
- Complexity also causes problems. Employees use different cloud services from different providers, and these different providers all offer different security tools, different native security controls, and different levels of security. This can make it extremely difficult to impose any sort of consistency to security policy distribution, orchestration, or enforcement.
What many organizations may not realize when moving to a cloud environment is to what extent they are responsible for securing their own cloud environment. Cloud providers secure the infrastructure, such as storage and compute resources shared by everyone, but securing data, content, and applications are all the responsibility of the cloud customer. And those security controls need to be built separately inside each cloud environment that has been adopted. If those security solutions are not fully integrated and interoperable across multiple environments, then the number and variety of security tools that need to be implemented can compound, quickly overwhelming the resources available to manage them.