- Gigamon report highlighted that 93% predict more cloud breaches, underscoring global misunderstanding.
- 52% say boards/CISOs struggle to comprehend shared cloud security role.
As with any technology, cloud computing brings its own set of challenges, such as data security, compliance issues, and management of multi-cloud environments, which organizations must address as they navigate the complex landscape of hybrid cloud infrastructure. Forrester analysts report that 72% of organizations are now in the hybrid cloud environment, primarily because enterprises tend to combine their private cloud with one or more public clouds for various advantages.
With the rapid surge in cloud-based security threats and breaches, hybrid cloud security considerations have become paramount for CISOs, CIOs, and their teams.
The Hybrid Cloud Security trends report by Gigamon paints a somewhat different picture of hybrid cloud security. Its annual survey, encompassing over 1,000 IT and security leaders globally, revealed that even though 94% of respondents believed they have total visibility and insights into their IT infrastructure, nearly one-third of security breaches go unnoticed by IT and Security professionals.
Flexera indicates that 74% of organizations now operate in the hybrid cloud, which Forrester analysts consider the ‘norm.’ However, the Gigamon survey suggests that this norm brings along its fair share of security concerns, with 93% of respondents predicting an escalation in cloud security attacks and 90% having experienced a breach in the past 18 months.
Worryingly, 31% of breaches are detected post-incident, rather than being anticipated using security and observability tools. This issue is more pronounced in the US and Australia, with 48% and 52% of breaches, respectively, identified retrospectively.
On a more positive note, there is an increase in IT collaboration. Globally, 96% of IT and Security leaders agree that cloud security is a shared responsibility, with almost all respondents (99%) viewing CloudOps and SecOps as pursuing a common objective. However, despite CloudOps taking the lead in strategy, a lack of security-first culture results in vulnerability detection often being confined to the SecOps team, as per 99% of respondents.
The challenges of understanding cloud computing security responsibilities
The increasing collaboration between CloudOps and SecOps teams is driven by the growing risks in securing hybrid cloud infrastructure. While shifting workloads to the cloud has been central to many organizations’ digital transformation strategies, traditional security and monitoring tools struggle to safeguard virtual or hybrid environments effectively.
The lack of consensus on cloud security within IT leadership is concerning. While 30% of CISOs worldwide are confident in their ability to enhance cloud migration while maintaining security, the actual implementation teams are less assured, with only 12% expressing complete confidence.
The disconnect between the Board/CISOs and other IT and Security leaders is further exacerbated by over half of global respondents (52%) asserting their boards are still unfamiliar with the shared responsibility model for cloud security.
This misunderstanding is particularly prevalent in Australia and the US, with a significant percentage of IT and Security leaders in these countries concerned about their boards’ understanding of the model. This disparity between global perceptions and the reality of cloud security responsibility presents a significant risk.
Ian Farquhar, the security CTO at Gigamon, suggests that these findings underscore significant visibility gaps from on-premises to cloud environments, a threat that many IT and Security leaders seem to underestimate.
“Many don’t recognize these blind spots as a threat, yet East-West traffic – laterally moving data – and encrypted traffic can be incredibly dangerous in the hybrid cloud world,” said Farquhar. “We’ve seen previous reports that highlight the vast quantity of malware that hides behind encryption. Considering over 50 percent of global CISOs are kept up at night by the thought of unexpected blind spots being exploited, there’s seemingly not enough action being taken to remediate critical visibility gaps.”
Prioritizing the zero trust journey
The Gigamon report identifies zero trust as another priority for IT and Security leaders. Notably, discussions about zero trust at the board level are increasing, with 87% of global respondents saying their boards openly discuss it. This represents a 29% increase from 2022.
Mark Jow, EMEA CTO at Gigamon, suggests that while the implementation of Zero Trust is still an ongoing process for many organizations, it’s encouraging that at least half of the IT and Security leaders surveyed consider it crucial for enhancing their security posture, and appreciate the importance of visibility.
“Deep observability and going beyond traditional MELT approaches is crucial if organizations are to advance successfully on their zero trust journeys, securing their hybrid cloud infrastructure and eradicating the critical visibility gaps that are clearly causing headaches and restless nights,” Jow mentioned.