Businesses are increasingly turning towards multi-cloud to distribute risk, take advantage of differences in vendor pricing and support applications that require specific providers. However, as the number of providers grows, so do cybersecurity risks and challenges.
These are the conclusions of a new paper, recently published by cybersecurity company Tripwire. Polling 314 security professionals for the report, Tripwire found that while most (59 percent) of them have configuration standards and best-practice security frameworks (78 percent), less than two in five apply them with consistency.
Visibility also seems to be an issue, as just 21 percent have a centralized view of their firm’s security setup and compliance. Shared responsibility models, in which both the business and the provider are responsible for certain aspects of the cybersecurity posture, aren’t always clear and many firms rely on third-party security solutions.
Another major challenge is staffing, as just 9 percent of the respondents said they would describe their staff as “experts”. This is despite most businesses expecting their teams to go through training on a regular basis.
Finally, legacy systems don’t play well with multi-cloud, making safe migration a major pain point. Most of this process is “still manual”, the report concludes, which is why baseline expertize and continued training are essential for every organization’s success.
What many of the respondents would love to see, going forward, is cloud providers increasing security efforts, including following consistent security frameworks and communicating security issues faster.
Most of the respondents said cloud providers are "barely adequate" when it comes to security.