Security teams not keeping up with cloud expansion, survey says

Image: shylendrahoode via iStock

A new survey has revealed that firms moving vast amounts of work to cloud-based services are expanding their attackable surfaces, but that security teams are not keeping up.

According to the research, carried out by security firm CloudPassage at this year’s Black Hat conference, companies have not hired enough people to combat potential threats.

A total of 94 per cent of survey respondents said that migrating their data from traditional infrastructures to cloud services increased server workloads by between two and 100, which in turn increases attackable surface areas.

Of those who reported an increase in the number of server workloads when they moved to the cloud, 33 per cent of respondents reported they doubled the number of server instances from their traditional data centres. Meanwhile, 25 per cent reported the number of server instances to be five times higher in the cloud than in their traditional data centres.

Despite this additional work, 85 per cent of those surveyed said that their IT departments have not kept pace, keeping security teams at the same size. A number of other respondents said that their firms are not automating security controls on cloud workloads.

Carson Sweet, co-founder and chief technology officer of CloudPassage, said: “While organisations have started to understand that cloud infrastructure can deliver faster development, deployment, and innovation cycles, many are not thinking about the related impact to security operations.

It only takes one compromise to derail adoption of these new technologies and wreck the value they otherwise could have added.”

Only 28 per cent of respondents said their firms are leveraging a full suite of tools that enable them to secure and audit cloud server workloads automatically when configuring and deploying them, with 35 per cent not automating security for configuration or deployment at all.