Valtix has released new research, conducted by an independent research firm, which reveals the top challenges, opportunities, and strategies IT leaders are dealing with when it comes to multi-cloud security.
The survey of more than 200 IT leaders in the U.S. finds that while 95% of businesses are making multi-cloud a strategic priority in 2022 with security being top of mind (96%), only 54% feel highly confident that they have the tools or skills they need to execute. In fact, when it comes to multi-cloud operations in general, 76% of respondents believe it is “underinvested” at their respective companies.
Other industry experts weighed-in on this latest research and what it says about the industry and cloud security priorities:
Tim Bach, Vice President of Engineering at AppOmni:
It's not surprising that a majority of IT leaders are concerned about multi-cloud expansion given they are frequently expected to address cloud security concerns without having the tooling to do that job in a secure, efficient way. Whether their focus is on security monitoring for cloud infrastructure providers, such as Google Cloud, AWS, and Microsoft Azure, or the increasingly more complex security needs for the dozens of SaaS platforms their businesses rely on, CIOs and CISOs are expected to manage security controls and monitoring for an increasing number of clouds that house more and more sensitive data and critical business processes.
While cloud infrastructure security concerns have been well-known and discussed for years, properly securing SaaS data is becoming more challenging each day. Given the large number of SaaS platforms used by the average enterprise, the dynamic nature of SaaS, and the lack of standardization across platforms, security teams can’t realistically monitor all permissions and configurations manually, or even maintain the required level of expertise across all of them in-house.
In order to help IT and security leaders feel confident in their ability to support an organization’s multi-cloud expansion, those teams need to be empowered with purpose-built, automated security solutions that stay current with the updates and nuances of each SaaS application. Security technologies that can alert and educate in-house security practitioners about potential issues and suggest ways to solve them will continue to be the most scalable solution to this problem.
John Yun, Vice President of Marketing at Confluera:
Despite the recent rapid adoption of cloud services, many organizations recognize the different security requirements between cloud services. Hence, it's no surprise that many organizations are hesitant to adopt multi-cloud architecture due to security concerns despite the obvious business benefits. In fact, I believe in today’s industry, 51% is a very optimistic view. Majority of organizations are resisting multi-cloud adoption due to the security concerns and complexities.
Organizations today are struggling to provide consistent security coverage across all their environments, on-premise and cloud. Accounting for different security requirements of each cloud environment on top of the current challenge presents itself as a Herculean task. Ramping up on one cloud service and leveraging its unique capabilities further complicates the task of expanding to a multi-cloud environment. It’s critical for organizations to leverage security solutions designed specifically for the cloud that can grow with the organization needs including multi-cloud environments.
Kevin Dunne, President at Pathlock:
More than ever, companies are feeling pressure to adopt a multicloud solution to provide great resiliency and flexibility to the business. Multicloud comes with benefits when it comes to key cloud pain points like unexpected outages, or increasing costs to renew cloud services.
While multicloud may provide business benefits, it does increase security risk. The multiple clouds in place must be able to communicate with each other, which introduces risk of data being lost during transmission. Additionally, many of the security solutions built into the providers themselves only work on their own cloud, so they lose sight of any user behavior or risk as it traverses cloud environments. Additionally, there is increased effort for security professionals to understand each different cloud provider and the tools available to them on each platform.
Customers who are adopting multicloud environments must invest in best of breed tools that offer interoperability and normalization across these various cloud environments. Solutions to manage these platforms must not only integrate to these cloud platforms, but also provide the ability to understand and react to threats across the cloud landscape via a standardized interface. When the right security tooling is in place, it is possible to adopt a multicloud environment and reap the business benefits of the solution without taking on unnecessary risk.
Mohit Tiwari, Co-Founder and CEO at Symmetry Systems:
Organizations are challenged by having to secure data that is constantly transposed by digital processes and business ecosystems spanning storage silos on-premises and in multi-cloud environments. The multi-cloud environment has a reputation of being hard to secure. There are production data stores (SQL, NoSQL, caches, queues, ...), analytics data lakes, etc. that contain sensitive data and talk to the internet. This complexity is encouraging vendors to rapidly amalgamate disparate data security capabilities into multi-cloud data security platforms. Organizations applying these newer platforms are securing their data better and more easily and have a view into where their sensitive data is, who is accessing it and how the data is being used across a multi-cloud environment.