Companies Lack Capabilities to Secure Cloud Infrastructure: Report

Most of the organizations that spend at least $1 million each year on cloud infrastructure are operating at the lowest level of cloud security maturity, a report finds.

Nathan Eddy

October 25, 2022

2 Min Read
drawing business and 3d laptop. Cloud computing concept. Isolated on white background
Zoonar GmbH / Alamy Stock Photo

Businesses lack dedicated security teams focused specifically on protecting cloud resources from threats, and most organizations are in an entry-level phase in terms of their overall cloud security capabilities.

These were among the findings of an Osterman Research survey, sponsored by cloud infrastructure security company Ermetic, of 326 organizations in North America with 500 or more employees and that spend a minimum of $1 million or more each year on cloud infrastructure.

The study found that 56% of organizations are spending at least $10 million each year on cloud infrastructure, but 80% of organizations do not have a dedicated cloud security team or leader to secure its cloud infrastructure.

"Protecting cloud resources is a unique skill set in comparison to legacy IT security. Legacy skill sets, mindsets, and certifications have not kept pace with the security demands of our cloud-native environments."

— Jasmine Henry, field security director, JupiterOne

Moreover, only 5% of survey respondents currently meet the standards of the highest level —Automated & Integrated — of Ermetic's cloud security maturity model, which defines the key guidelines for a comprehensive security strategy, while 93% of large organizations are only at the low levels of cloud security maturity.

Related:Amazon to Create a Cloud Infrastructure Region in Western Canada

More than half (57%) of organizations adopting a multicloud strategy said they are

operating at the lowest level of cloud security maturity.

Related: The State of Cloud Security

The survey indicated that with each additional cloud, maturity of cloud security practices seems to get increasingly stuck at the "ad hoc" level.

Why Dedicated Cloud Security Team Is a Must to Secure Cloud Infrastructure

A dedicated security team is crucial for protecting cloud resources and services, since hundreds of services need to be protected and each service is a potential attack surface for hackers, according to Igal Gofman, head of research for Ermetic.

"Access management around resources is a complex task and requires deep knowledge of each vendor's access model," he said.

Gofman pointed out that cloud services can be easily accessed from anywhere and are an easy target for attackers since many have excessive permissions.

Please continue reading on our sister site ITPro Today.

About the Author(s)

Nathan Eddy

Nathan Eddy is a freelance writer for ITProToday and covers various IT trends and topics across wide variety of industries. A graduate of Northwestern University’s Medill School of Journalism, he is also a documentary filmmaker specializing in architecture and urban planning. He currently lives in Berlin, Germany.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like