Cloud security posture management (CSPM) is a relatively new term in the field of cybersecurity, but it is already a thriving sub-field. Companies are already using it as they deal with the security challenges on the cloud. One recently published report shows how organizations are recognizing the importance of paying attention to cloud security.
This report, entitled the 2021 State of Cloud Security Posture Management, was published in June 2021, but it is worth revisiting in view of the growing interest in cloud security in the past weeks. As a recent NASDAQ opinion piece suggests, “cloud security should be the CEO’s wheelhouse too.”
Enterprises nowadays cannot ignore the need for solid cyber defenses on the cloud. Cybercriminals are always on the lookout for any opportunity that would allow them to break through cyber defenses. It is only logical to prepare for these attacks especially when it comes to the management of the overall security posture of an organization.
Here’s a summary of the most important points from the cloud security posture management report.
Multi-cloud and hybrid infrastructure leads to security and management challenges
The report shows that an overwhelming majority of organizations, at 91 percent, are operating with multi-cloud or hybrid cloud infrastructure. While this suggests that most organizations are seeing benefits in switching to the cloud, they are also cognizant of the fact that this switch entails challenges. They understand that it is not going to be an easy shift.
The report says that 47 percent of organizations are worried that they will be having problems with security visibility, configuration drift, misconfiguration, and the lack of inadequacy of cloud management skills. Reconciling configuration and management requirements among multiple cloud services and hybrid-cloud setups will present issues that can lead to security problems. Organizations have the choice of investing in employee training or the establishment of a new team (and hiring of experienced members) to deal with the new cloud management needs. Or, they can turn to using a third-party extended security posture management solution.
Security posture management simplifies and expedites the assessment and optimization of security controls. It also enables continuous security testing to ensure that there are no gaps for bad actors to exploit. It can also employ other solutions such as breach and attack simulation, advanced purple teaming, and continuous automated red-teaming to address security concerns that emerge with the migration to multi-cloud and hybrid infrastructure.
Moreover, the report indicates that nearly 3 in every 10 organizations are having reservations with the management of identity and security baselines. Multiple cloud and hybrid environments can make it very challenging to deal with various user accounts and access permissions. These concerns can be alleviated by an experienced cybersecurity team or a dependable security posture management solution, though.
Many organizations may be too confident with their cloud security posture
Despite the knowledge of the security difficulties of working with a multi-cloud and hybrid cloud infrastructure, the majority of organizations are confident in their cloud security. The report shows that some 68 percent of respondents say that they are highly confident in their cloud security.
This high degree of confidence in their cloud security, however, appears to be a disadvantage. It seems to create a false sense of protection, something that mirrors the situation painted by a cybersecurity survey among EU organizations. The EU survey shows a big drop in the number of organizations that perceive their security posture to be vulnerable. It reveals an 18-point drop in the number of organizations that think that their security controls and measures are not good enough, from 86 percent in 2018 to 68 percent in 2020.
Going back to the cloud security posture management report, it is notable that around 55 percent of organizations say that they have experienced security breaches. To compare, 68 percent of them said that they have high confidence in their cloud security, but a significant 55 percent, unfortunately, suffered breaches. The leading threats they encountered included ransomware and other malware, malicious insiders, and compromised accounts.
Cloud security posture management awareness and adoption are increasing
In what can be viewed as a silver lining, though, many organizations now realize the importance of cloud security posture management. Nearly 9 in every 10 of the organizations surveyed in the report say that they have become more open to the idea of cloud security posture management. Many are already getting acquainted with it, especially its advantages and benefits in addressing the ever-evolving threats that affect the cloud infrastructure. Respondents say that they learned about it from colleagues as well as from influencers.
It is worth noting, however, that around 3 in every 10 organizations that use cloud security posture management solutions think that they need more when it comes to visibility and compliance management. As such, they are considering switching to a different cloud security posture management solution provider.
On the other hand, nearly 4 in every 10 organizations say that they are in the process of adopting a cloud security posture management solution for the first time. The number of neophyte users represents a large bulk of the notable increase in cloud security posture management solution awareness and adoption.
There is a trend towards security proactiveness
Lastly, the study shows that organizations are now aware that their conventional cybersecurity approaches no longer suffice especially as they make greater use of the cloud infrastructure. They know that there are bigger challenges and the stakes are higher as they adopt multi-cloud and hybrid systems.
To address the new threats, they understand that they need to become proactive instead of being reactive. They need to anticipate issues and not deal with them only when they are already causing problems. They need to employ real-time threat detection and tracking solutions and enhance communication between the security team, DevOps, and the group of personnel/officers responsible for security compliance.
“Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security,” says John Grange, the point person for the 2021 State of Cloud Security Posture Management Report.
Ensuring security for multi-cloud and hybrid infrastructure is a complex and multidimensional task. As such, organizations either become worried they are not doing enough or they are already confident in what they have in place. Unfortunately, the report shows more of the latter. It is good, though, that many organizations are now seeing the importance of proactive security on the cloud, which can be achieved with the help of a reputable and proven cloud security posture management solution.