Confluera: Cybersecurity Top Concern in Cloud Adoption Strategies

New Confluera research shows cybersecurity remains a top obstacle as most organizations accelerate their cloud adoption strategies.

Confluera polled 200 U.S. IT leaders at medium-to large-sized organizations on how they are tackling the cloud-centric IT security landscape.

According to the Confluera cloud security research, 97% of IT leaders said their strategy includes the expansion of cloud deployments. In some cases, that includes the adoption of multiple platforms such as Amazon Web Services (AWS), Google Cloud and Azure.

This strategy is not without its challenges, however. About 63% of IT professionals identified cyber threats designed to target cloud services as the top obstacle to their cloud strategy.

Cloud and multicloud adoption has greatly increased the workload of already burdened IT teams. Among the respondents, about half said they are adequately staffed to manage the frequency of alerts they receive. IT teams spend 54% of their time investigating security alerts. And over half of those alerts turning out to be false or benign alarms.

As threats within the cloud proliferate, IT leaders are looking for solutions to help them quickly separate the signal from the noise so they can act on the real threats promptly.

Increased IT Security Workload

John Morgan is Confluera‘s CEO.

Confluera’s John Morgan

“One of the most significant findings from the report is the adoption of cloud services being the biggest contributor to increased IT security workload, ahead of supporting remote access and workers,” he said. “With the change in work model, many organizations had prioritized the security related to the use of endpoint devices, personal devices and unknown networks. With many organizations across industries accelerating and expanding their cloud deployments, the new finding is an important data point for them to consider. Their cloud strategy must account for the additional security resources and dedicated tools, without which they are almost guaranteed to experience disruptions and delays to their deployment plans, not to mention increasing the potential for breaches.”

Many organizations should also take time to reassess their attack detection strategy, Morgan said.

“The survey showed that while the overwhelming majority of organizations create threat storyboards of attacks, they do so using third-party services and mostly as part of the forensic exercise after an incident,” he said. “Organizations must rethink and change their strategy to leverage some of the modern technology to get ahead of the attacks and intercept them before they can do harm.”

Top Challenges

When asked what challenges were associated with adopting multiple cloud platforms, 69% said maintaining consistent cybersecurity coverage across all cloud infrastructures. Nearly half said securing the resources to manage different cloud infrastructures. In addition, nearly 45% identified the difficulty detecting threats progressing from one cloud infrastructure to another.

The Confluera cloud research also shows cloud adoption isn’t slowing down because of cybersecurity concerns.

“In fact, many organizations are not simply expanding their services, but also embarking on multicloud services,” Morgan said. “The problem is that something will have to give. If organizations push forward with their cloud strategy, but it does not address the security concerns, they will have significant security exposure. As identified in the survey, many IT professionals are optimistic for 2022 primarily based on security innovations. Now the organization must make the necessary investment to match.”

The majority of respondents note the availability of new cybersecurity tools as the reason for their positive outlook.

“Organizations should focus on maximizing the IT security staff’s time, enabling them to work smarter,” Morgan said. “Automation can help. However, streamlining the wrong part of the security process can make the situation even worse by increasing the tasks requiring human analysis. What organizations should focus on is to assess which aspects of the IT security staff’s task can best be automated. For example, with so much time lost investigating false positives, streamlining the process to bubble up only the alerts that matter can drastically improve security staff’s productivity as well as improve their job satisfaction.”