A pair of reports highlight the dangers that organizations could face from the use of multiple cloud services, due to the additional ways that attackers can breach an organization’s data.
Many modern organizations—big or small—don’t just have one cloud. They have many.
And getting those clouds, whether private or public, on the same page can be extremely challenging—which can create some big security headaches. That’s according to a pair of reports on the state of cloud security.
One, from the cybersecurity firm Tripwire, finds that more than 84 percent of respondents to a survey at the recent Black Hat security conference claim to have some sort of difficulty maintaining cloud configurations across platforms, with 17.1 percent saying it’s “very difficult.” Correspondingly, three quarters of respondents said that it was easy to accidentally expose data publicly through the cloud—a problem that affected the high-profile cloud collaboration service Box.com earlier this year.
The Tripwire report also noted that increasing complexity was a challenge with cloud security.
“Teams are faced with a much more complex environment to defend in general, with many forced to manage a complex hybrid environment of both on-premise and multiple private and public cloud environments,” the firm’s Ray Lapena said in the report.
Separately, research from Nominet, a major domain registrar in the United Kingdom, found that security faltered in multi-cloud environments, with 52 percent of firms with a multi-cloud approach running into data breaches, versus 24 percent with hybrid approaches.
“When it comes to ensuring resilience and being able to source ‘best-in-class’ services, using multiple vendors makes sense,” said the report of 300 C-level IT professionals [PDF]. “However, from a security perspective the approach also increases exposure to risk as there are a greater number of interfaces into the organization.”
The report found that an increased threat surface—a particular problem with multi-cloud environments—was a major concern for executives, with 52 percent of respondents citing it as something keeping execs up at night. The level was comparable to concerns over the loss of customer data (56 percent) and the increasing sophistication of cyber criminals (54 percent).
Both reports noted a need for flexibility with security software and an awareness of the impact that increasing cloud exposure can have from a security standpoint.
“As digital infrastructure continues to grow, it remains important to keep track of the attack surface, minimize it with secure configuration and vulnerability management, and monitoring it for changes,” Tripwire’s Lapena added.