Skip to main content

Report: 68% of companies say their cloud security is only ‘somewhat mature’

Image Credit: Hiroshi Watanabe/Getty Images

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


CloudBolt’s latest Industry Insights study, executed by the Gartner-owned Pulse research platform, asked 350 IT leaders at large enterprises around the world about the state of cloud security in their organizations. The results were eye-opening. 

Seventy-two percent of respondents believe their company moved to the cloud without “properly understanding the skills, maturity curve, and complexities of making it all work securely.” 

Image source: CloudBolt.

The study points to two main culprits for today’s cloud security deficiencies at the individual user level as workloads are being provisioned. The first is an industry-wide multicloud skills gap. The second is an assumption that sufficient security is already built into cloud-native tools.

To properly secure a multicloud architecture using traditional methods, you need talent with expertise and experience in every cloud and tool you use. But 56% of respondents cited “depth of native cloud skill sets/expertise” as a top concern, and another 29% said that a “lack of talent with deep security expertise” was an issue.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

Misplaced trust in suite-specific cloud security tools

Meanwhile, companies are also over-relying on cloud-native security tools without fully understanding their risks and limitations. Public cloud providers offer security tools for their customers, and most people believe these tools are sufficient – 74% of respondents said they provide “adequate” security. But these tools only work with their own product suite, and there are many idiosyncratic differences among them. In a multicloud environment that grows more complex by the day, this creates many opportunities for errors and omissions, which increase vulnerabilities across an ever-expanding attack surface. Respondents seem aware of this: 59% believe moving to the cloud has made their enterprises less secure.

There is a perplexing dichotomy between what organizations believe about the importance of cloud security and the approaches they are applying. On the one hand, most respondents (75%) acknowledged that “cloud computing is the single greatest expansion of the enterprise attack surface in the last 20 years.” Yet 83% said they have implemented highly operationalized security practices only “somewhat” when spinning up new resources, and 68% said their companies’ security skill sets across all clouds were only “somewhat mature.” 

“Sometimes” and “somewhat” are concerning terms when describing something as important as multicloud security. Time will tell if companies’ approaches will mature sufficiently.

Methodology

CloudBolt surveyed 350 directors, VPs and C-suite executives from companies with over 1,000 employees. Three-quarters were in North America, the rest in other regions of the world.

Read the full report from CloudBolt.

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.