Cloud adoption has skyrocketed in the past few years, and while many entities were in the process of migrating to the cloud, the pandemic accelerated this move.
According to Check Point’s 2022 Cloud Security report, this has resulted in 98% of companies using some form of cloud-based infrastructure.
But cloud environments aren’t the same as on-premise ones, so traditional security tools and approaches do not always work well in the cloud. This is presenting significant challenges to those trying to secure their new cloud infrastructure.
The fact that most organisations have multi-cloud deployments also adds to the scale and complexity of their cloud infrastructure.
Some of the challenges that multi-cloud users said they faced include data protection and privacy (57%), access to cloud skills (56%), solution integration (50%), and loss of visibility and control (46%).
Cloud providers
The report also revealed that more than three-quarters of respondents (76%) use two or more cloud service providers, and nearly a quarter (24%) say they use more than five.
This cloud infrastructure complexity makes it tricky to consistently monitor and secure these cloud environments. Additionally, over half of companies (54%) believe that the built-in security offerings of their cloud providers are not as effective as solutions from a third-party vendor.
Automation, orchestration
Check Point says as entities transition to complex, multi-cloud deployments, automation and orchestration are key to maintaining security at scale.
Businesses are using a variety of security tools to help implement security controls and processes. Some 48% said they are using templated infrastructure as code (IaC) and security as code, such as Terraform or AWS CloudFormation.
Another 44% are using serverless technologies such as Lamba or Azure functions, the same number cited continuous integration and deliver plugins such as Jenkins or TeamCity.
In addition, 41% said they are using security orchestration, automation and response or SOAR tools, or configuration orchestration tools such as Chef or Ansible. Only 5% said they are relying on Web application firewalls.
DevOps cycle
Shifting security left by integrating it into earlier stages of the software development lifecycle (SDLC) can dramatically reduce the costs and impacts of vulnerabilities or code that violates regulatory compliance requirements, the company says.
Check Point found that businesses are implementing DevOps security and compliance testing into various stages of the SDLC, including system testing and production (52%), feature development and unit testing(42%), staging (42%), and no testing (10%).
Cloud compliance
When it comes to compliance, the various data protection regulations and industry standards make this a must for every company.
However, designing and implementing compliance policies for cloud environments is dramatically different from on-premise systems.
Some of the biggest cloud compliance challenges faced by businesses include a lack of knowledge and expertise (55%), changing environments (43%), complex audits (42%), and compliance monitoring (42%).
Other challenges include changing requirements (36%) and compliance automation (27%).
Share