Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
Forget about “shadow IT” or “rogue IT.” Tech-buying patterns that have line-of-business stakeholders buying and managing cloud assets are now unblinkingly referred to as “business-managed IT” by many organizations that see it as a driver for innovation. So says the “Harvey Nash/KPMG CIO Survey 2019,” which reports over two-thirds of organizations today either encourage or allow business-managed IT. That’s because companies that do so are 52% more likely to beat competitors to market and 38% more likely to provide positive employee experience.
The trouble is that without collaboration from IT or cybersecurity pros, these silos of cloud technology can become huge security blind spots for organizations. These same organizations innovate faster, but the survey also shows they’re twice as likely to have multiple areas of security risk exposures.
Misconfiguration of Internet-as-a-service (IaaS) and cloud data stores is the leading cause of some of the most damaging cloud breaches and data exposures today. Whether it’s from turning off default security settings standardized by cloud providers, using default passwords, allowing unrestricted access to certain services, or something else, misconfiguration problems introduce a raft of hidden risks that are frequently uncovered in the headlines only after an embarrassing incident. According to the recent “2019 Cloud Security Report,” some 40% of organizations say misconfiguration of cloud platforms is their top cybersecurity concern.
According to a recent report from the Cloud Security Alliance, some 55% of organizations run complex cloud computing environments that operate with a hybrid architecture. Such a setup offers a great way for large organizations to transition gradually to the cloud, but it introduces security visibility challenges as organizations struggle to track assets across the entire architecture and monitor activity across a complex myriad of hybrid cloud connections. In fact, a report out earlier this year from Firemon shows 80% of organizations are challenged by the limitations and complexity of tools used for monitoring and managing security across hybrid environments.