Study identifies challenges in managing cloud environments: human error and configuration mistakes the biggest causes of outages
- Published: Wednesday, 22 May 2019 08:01
The Cloud Security Alliance (CSA) and AlgoSec have announced the results of a new study, ‘Cloud Security Complexity: Challenges in Managing Security in Native Cloud, Hybrid and Multi-Cloud Environments’.
The survey of 700 IT and security professionals set out to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud, or use of more than one public cloud platform.
Key findings of the study include:
Cloud creates configuration and visibility problems: When asked to rank on a scale of 1 to 4 the aspects of managing security in public clouds they found challenging, respondents cited proactively detecting misconfigurations and security risks as the biggest challenge (3.35), closely followed by a lack of visibility into the entire cloud estate (3.21). Audit preparation and compliance (3.16), holistic management of cloud and on-prem environments (3.1), and managing multiple clouds (3.09) rounded out the top five.
Human error and configuration mistakes the biggest causes of outages: 11.4 percent of respondents reported a cloud security incident in the past year, and 42.5 percent had a network or application outage. The two leading causes were operational / human errors in management of devices (20 percent), device configuration changes (15 percent) and device faults (12 percent).
Cloud compliance and legal concerns: Compliance and legal challenges were cited as major concerns when moving into the cloud (57 percent regulatory compliance; 44 percent legal concerns).
Security is the major concern in cloud projects: 81 percent of cloud users said they encountered significant security concerns. Concerns over risks of data losses and leakage were also high with users when deploying in the cloud (cited by 62 percent), followed by regulatory compliance concerns (57 percent), and integration with the rest of the organizations’ IT environment (49 percent).
Commissioned by AlgoSec and conducted by the CSA, the survey also looked to uncover insights on topics such as workloads being used in or moved to the cloud and how they are being deployed/migrated; types of cloud platform(s) being used by companies; common security challenges faced by companies when deploying workloads in the cloud; methods of managing risk and vulnerabilities in the cloud environment; and causes of network or application outages and the amount of time it took to remediate.