A global survey of 414 IT practitioners published this week found 40% of respondents are relying on legacy platforms and practices originally designed for on-premises IT environments to secure cloud computing environments.
Conducted by Aviatrix, a provider of a cloud firewall, the survey found 37% are relying on native services from cloud service providers, while less than a quarter (23%) are using third-party solutions built for the cloud. Only 42% strongly agreed that their organization’s approach to cloud security is achieving its objectives.
The survey also noted nearly half (47%) of cloud network outages were caused by human error. Firewalls (31%) were found to more often to be the cause of such an outage than a cyberattack (15%), the survey finds.
Overall, the survey identifies a lack of in-house skills (49%), followed by budget constraints (45%), lack of training (45%), interoperability between cloud service providers (44%) and security concerns (41%) as the biggest obstacles to cloud computing. In addition, only just over a third (35%) are very confident they know of every instance of cloud computing their organization employs and a similar number have incurred unexpected cloud networking costs.
Implementing cost controls and visibility and troubleshooting in terms of time and effort spent as being tied at 45% for the biggest hurdles IT teams face, the survey also finds.
Nearly two-thirds (63%) also struggle to hire the necessary candidates to support cloud initiatives, with slightly more (66%) also struggling to find educational resources to learn skills such as cloud platform expertise (61%) security (57%), multi-cloud network architecture and design.
Rod Stuhlmuller, vice president of solutions marketing for Aviatrix, said the survey makes it clear the complexity of cloud computing environments remains a major challenge, an issue generative artificial intelligence (AI) projects are about to further exacerbate. The survey finds 30% already reported they have increased plans to invest in cloud computing because of AI initiatives.
Stuhlmuller noted that as more workloads are deployed on the cloud, many IT organizations will need to revisit everything from application development and deployment to security.
Aviatrix, for example, is making a case for a Distributed Cloud Firewall (DCF) that programmatically pushes and enforces cybersecurity policies for cloud computing environments via a central console to enable cybersecurity teams to inspect traffic and enforce policies wherever application traffic naturally flows. In contrast, other centralized approaches to cybersecurity often require organizations to reroute traffic to specific firewalls to inspect it before policies are applied.
The survey finds that convergence of security and networking in the cloud will one day simplify operations and reduce risk (67%). It also finds respondents are hopeful that convergence will improve communications between cloud networking and cybersecurity teams.
In the meantime, cybersecurity teams clearly need to acquire cloud computing expertise. Cybercriminals are increasingly targeting these platforms simply because the percentage of application workloads running on them continues to increase. Unfortunately, far too many cybersecurity teams still lack visibility into these environments simply because they are typically provisioned directly by application developers rather than a centralized IT team. Given the general lack of cybersecurity expertise the average developer has, it should not be much of a surprise that there are more vulnerabilities than anyone cares to admit.
Recent Articles By Author