Potential points of exposure attributed to growing skills gap, lack of automated processes, and an over-reliance on native cloud security and monitoring tools in multi-cloud environments
NORTH BETHESDA, MD, Dec 14, 2022 — CloudBolt Software, the leader in automating, optimizing, and governing hybrid cloud, multi-tool environments for global enterprises, today released its latest Industry Insights report, “Sometimes, Somewhat” Security – A Disconcerting Look at the Realities of Hybrid Cloud/Multi-Cloud Vulnerabilities. The report is based on a global survey of 350 IT leaders primarily VP+ from enterprises with 5,000 or more employees, executed by the Gartner-owned Pulse research platform.
The findings provide a critical look into the beliefs, challenges, and misconceptions associated with securing cloud environments. The results of the study should be concerning to enterprises:
- 72% believe their companies moved to the cloud without properly understanding the skills, maturity curve, and complexities of making it all work securely.
- 68% said their organization’s security skill set across all clouds was only “somewhat mature.”
- Only 8% of respondents confirmed they had implemented highly operationalized cloud security practices when spinning up new compute resources and environments; 83% say that they have “somewhat” done so.
- Only 6% of respondents say that their companies automatically build security into every workload up front; 51% say they do it “sometimes.”
“Several years ago in cybersecurity, companies realized that the single greatest threat vector was the individual end user. So, the focus shifted from perimeter and end-point security to automatically applying security at the user level,” said Jeff Kukowski, CEO of CloudBolt. “I think this new report reveals a similar parallel in cloud security. Macro solutions that don’t make cloud security automatic at the individual, cloud-provisioning ‘moment of truth’ create lots of opportunity for exposure and leave enterprises only ‘somewhat, sometimes’ secure. I predict 2023 will be the year we see significantly more focus on shoring up these current shortfalls. It’s a very solvable problem when you apply the right approaches.”
Respondents primarily attributed shortfalls in cloud security at the user level to a growing multi-cloud skills gap and over-reliance on cloud-native security and monitoring tools.
The growing multi-cloud skills gap
As first revealed in a previous CII study – “Filling The Gap: Service Providers’ Increasingly Important Role in Multi-Cloud/Multi-Tool Success”– there simply aren’t enough people with the necessary skills across all major cloud platforms to effectively address the biggest cloud challenges – including security. This latest CII report further validates these findings:
- 56% of respondents cited “depth of native cloud skill sets/expertise” as a top security concern.
- 29% pointed to a “lack of talent with deep security expertise” as an issue.
Over-reliance on cloud-native security and monitoring tools
Companies say they are largely utilizing the security tools each public cloud provider offers:
- 74% said they rely on these tools to provide “adequate security.”
- 84% indicated that simply using a monitoring tool like Prisma was the best way to deal with cloud security.
- 64% believe they can solve their cloud security concerns by embracing HashiCorp’s Terraform.
However, each is fraught with limitations that create the “somewhat, sometimes” security issues at the user level.
“People want to believe the cloud-native tools they use will simply take care of security for them,” said Kukowski. “But in a multi-cloud world, the unique nuances of settings and required knowledge between each major cloud create plenty of opportunities for errors, omissions, and mistakes by individuals. And monitoring tools alone cannot provide proactive and automatically applied guardrails. Companies appear to have been lulled into a false sense of security. The reality is that proper security processes, protocols and best practices must be built into cloud workloads up front to prevent missteps from happening in the first place. Not somewhat or sometimes – fully and all the time.”
For a deeper dive into the findings, read the full report: https://resources.cloudbolt.io/industry-reports/sometimes-somewhat-security-a-disconcerting-look-at-the-reality-of-hybrid-cloud-multi-cloud-vulnerabilities.
About CloudBolt Software
CloudBolt helps companies automate easily, optimize continuously, and govern at scale in hybrid and multi-cloud, multi-tool environments. Pulling together islands of automation, our solutions helps unify disparate capabilities for DevOps, ITOps, FinOps, and SecOps. Backed by Insight Partners, CloudBolt has won numerous awards and has repeatedly been recognized as one of the fastest-growing private companies on the Deloitte Fast 500 and the Inc. 5000 lists. For more information, visit www.cloudbolt.io.
Scratch Marketing + Media for CloudBolt Software