A new study has revealed that nearly all security professionals operating in a multi-cloud environment believe it's riskier than relying on a single cloud provider.
The research, published today by global security and compliance solutions provider Tripwire, is based on a June 2021 survey of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organization.
Nearly three quarters (73%) of those surveyed currently work in a multi-cloud environment. Of those, 98% said that depending on multiple cloud providers creates additional security challenges.
The findings follow the Biden administration's recent cancellation of the single-provider JEDI Cloud contract in favor of the multi-cloud/multi-vendor Joint Warfighter Cloud Capability (JWCC).
More than half of security professional (59%) have configuration standards for their public cloud, and over three quarters (78%) use best practice security frameworks. However, just 38% of framework users apply those frameworks consistently across their cloud environment.
Keeping track of events is tough for the majority of professionals, with only 21% saying that they have a centralized view of their organization’s security posture and policy compliance across all cloud accounts.
Another thorny issue for professionals was knowing where their responsibilities end and where those of their cloud service providers and customers begin. The major said that shared responsibility models for security were not always clear, and three quarters said that they rely on third-party tools or expertise to secure their cloud environment.
"We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter."
Another of the survey's key findings was that most organizations follow a high-risk strategy regarding cloud environment management, relying on existing security teams to complete training or self-teach. Only 9% of those surveyed said they would categorize their internal teams as experts.