While more than half of organizations use a hybrid cloud setup, many are still configuring security policies manually, or are using too many tools.
Traditional security practices can't keep up with the rapid pace of cloud adoption, according to Alcide's 2018 Report: The State of Securing Cloud Workload, released on Tuesday. Yet, 73% of security professionals are still configuring application security policies manually, said the report, which leads to wasted time and more errors. In order for businesses to keep their cloud workloads protected, they must turn to automated security processes, the report added.
The survey gathered nearly 350 responses from security, DevOps, and IT leaders, revealing that the majority of organizations are adopting complex cloud infrastructures. Some 53% of respondents cited using hybrid cloud systems and 18% reported using multi-cloud.
SEE: Quick glossary: Cloud platform services (Tech Pro Research)
Not only are the majority of these still conducting manual security configuration, but 22% of large enterprises (1000+ employees) are using 10 or more security solutions—a number that does more harm than good, said the report. Using too many security solutions only slows down critical initiatives in the business, but 75% of respondents expect their cloud security stack to increase in the next year, the report said.
Additionally, less than half of organizations (45%) have a security team solely dedicated to cloud functions, some 35% of organizations actually turn to either DevOps or DevSecOps teams for security, said the report. This data shows a move towards specialization, which has proven to be necessary in big corporations implementing new cloud technologies.
While adopting more cloud security tools is an understandable movement towards trying to be more secure, the use of too many security tools only results in a fragmented, inefficient cloud stack, the report said. And the larger the company, the more fragmentation, the report added.
As more companies adopt more cloud security solutions in 2019, the more fragmented their stacks become. Instead, the report recommended that organizations use a single platform that gives them centralized control over security policies, rather than inefficiently adopting multiple solutions to solve specific issues.
"Our report validates what we've seen with our own customers—modern organizations are
striving for a consolidated security approach that will support business velocity and tackle the
challenges associated with the overhead of multiple tools in use," said Karine Regev, vice president of marketing for Alcide, in the press release.
"Modern teams can't assume that emerging technologies like serverless are secure, and need a practical and uniform enforcement and management of security policies to control disparate and cloud-native services, infrastructure and environments."
Of course, readers should also note that Alcide sells a multi-cloud security platform.
The big takeaways for tech leaders:
- The majority of organizations are using hybrid or multi-cloud solutions, but 73% still configure application security policies manually. — Alcide, 2018
- 75% of organizations plan on increasing security tools in 2019, which will only lead to more fragmentation in cloud stacks. — Alcide, 2018
- Serverless architectures: 10 serious security problems (free PDF) (TechRepublic)
- VMware rolls out new cloud services for automation, security (ZDNet)
- Hybrid cloud: A cheat sheet (TechRepublic)
- How to create a security strategy for IoT (ZDNet)
- Serverless computing highlights new security challenges in hybrid IT (TechRepublic)