Businesses lack dedicated security teams focused specifically on protecting cloud resources from threats, and most organizations are in an entry-level phase in terms of their overall cloud security capabilities.
These were among the findings of an Osterman Research survey, sponsored by cloud infrastructure security company Ermetic, of 326 organizations in North America with 500 or more employees and that spend a minimum of $1 million or more each year on cloud infrastructure.
The study found that 56% of organizations are spending at least $10 million each year on cloud infrastructure, but 80% of organizations do not have a dedicated cloud security team or leader to secure its cloud infrastructure.
Moreover, only 5% of survey respondents currently meet the standards of the highest level —Automated & Integrated — of Ermetic's cloud security maturity model, which defines the key guidelines for a comprehensive security strategy, while 93% of large organizations are only at the low levels of cloud security maturity.
More than half (57%) of organizations adopting a multicloud strategy said they are
operating at the lowest level of cloud security maturity.
Related: The State of Cloud Security
The survey indicated that with each additional cloud, maturity of cloud security practices seems to get increasingly stuck at the "ad hoc" level.
Why Dedicated Cloud Security Team Is a Must to Secure Cloud Infrastructure
A dedicated security team is crucial for protecting cloud resources and services, since hundreds of services need to be protected and each service is a potential attack surface for hackers, according to Igal Gofman, head of research for Ermetic.
"Access management around resources is a complex task and requires deep knowledge of each vendor's access model," he said.
Gofman pointed out that cloud services can be easily accessed from anywhere and are an easy target for attackers since many have excessive permissions.
Please continue reading on our sister site ITPro Today.