sb-eu logo
Story image

Cloud tech developing faster than businesses can manage, FireMon finds

Public and hybrid cloud infrastructure environment is growing in complexity, and lacks automation and a lack of resources to effectively respond to demands.

This is based on FireMon’s new 2020 State of Hybrid Cloud Security Report, which sheds light on the current cloud security landscape.

The report states that while enterprises rapidly transition to the public cloud, complexity is increasing. Furthermore, visibility and team sizes are decreasing while security budgets remain flat. This poses a significant obstacle to preventing data breaches, FireMon states.

Enterprises are increasingly transitioning to public and hybrid cloud environments. As they do, their network complexity continues to grow and create security risks, the report states.

Meanwhile, they are losing the visibility needed to protect their cloud systems, which was the biggest concern cited by 18% of C-suite respondents, who now also require more vendors and enforcement points for effective security.

In addition, the report found that business acceleration has outpaced effective security implementations.

Nearly 60% believed their cloud deployments had surpassed their ability to secure the networks in a timely manner. This number was virtually unchanged from 2019, showing no improvement against a key industry progress indicator.

The number of vendors and enforcement points needed to secure cloud networks are also increasing; 78.2% of respondents are using two or more enforcement points. This number increased substantially from the 59% using more than two enforcement points last year.

Meanwhile, almost half are using two or more public cloud platforms, which further increases complexity and decreases visibility, according to the report.

Meanwhile, enterprises have less resources to effectively address issues that arise. In fact, the report shows that despite increasing cyberthreats and ongoing data breaches, respondents reported a substantial reduction in their security budgets and teams from 2019.

These shrinking resources are creating gaps in public cloud and hybrid infrastructure security, according to FireMon.

There was a 20.7% increase in the number of enterprises spending less than 25% on cloud security from 2019; 78.2% spend less than 25% on cloud security (vs. 57.5% in 2019). Meanwhile, 44.8% of this group spent less than 10% of their total security budget on the cloud.

Furthermore, many organisations trimmed the size of their security teams 69.5% had less than 10-person security teams (compared to 52% in 2019). The number of 5-person security teams also nearly doubled with 45.2% having this smaller team size versus 28.5% in 2019.

Misconfigurations are exacerbated by lack of automation and third-party integration, FireMon’s report finds. Cloud misconfigurations due to human-introduced errors is the top vulnerability for data breaches.

Even so, 65.4% of respondents are still using manual processes to manage their hybrid cloud environments.

On misconfigurations, almost a third of respondents said that this and human-introduced errors are the biggest threat to their hybrid cloud environment. Still, 73.5% of this group are still using manual processes to manage the security of their hybrid environments.

FireMon finds that better third-party security tools integration is needed. The report shows that the lack of automation and integration across disparate tools is making it harder for resource-strapped security teams to secure hybrid environments.

As such, 24.5% of respondents said that not having a centralised or global view of information from their security tools was their biggest challenge to managing multiple network security tools across their hybrid cloud.

FireMon VP of technology alliances Time Woods says, “As companies around the world undergo digital transformations and migrate to the cloud, they need better visibility to reduce network complexity and strengthen security postures.

“It is shocking to see the lack of automation being used across the cloud security landscape, especially in light of the escalating risk around misconfigurations as enterprises cut security resources.

"The new State of Hybrid Cloud Security Report shows that enterprises are most concerned about these challenges, and we know that adaptive and automated security tools would be a welcomed solution for their needs.”

The company states that harnessing automated network security tools, robust API structures and public cloud integrations, enterprises can gain real-time control across all environments to minimise challenges created by manual processes, increasing complexity and reduced visibility.

Automation is also the antidote to shrinking security budgets and teams by enabling organisations to maximise resources and personnel for their most strategic uses, according to FireMon.

The 2020 State of Hybrid Cloud Security Report features insights from more than 500 respondents, including 14% from the executive ranks, detailing cloud security initiatives in the era of digital transformation.

Story image
GCloud updates capabilities with Anthos enhancements
Google Cloud has announced improvements for hybrid compatibility, services, development, migration and identity security with updates to Anthos.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Strong cybersecurity posture crucial for company success - Fortinet
"They should also conduct due diligence to ensure partners aren’t inadvertently creating vulnerabilities with insufficient cybersecurity measures."More