Absicherung von Cloud-Infrastrukturen stellt Unternehmen vor Herausforderungen
Die Komplexität öffentlicher und hybrider Cloud-Infrastrukturen, die mangelnde Automatisierung von Sicherheitsprozessen und rückläufige Ressourcen resultieren in Konfigurationsfehlern, die Datenverluste nach sich ziehen können.
SAN FRANCISCO / RSA-Konferenz 2020 – FireMon veröffentlichte mit dem „2020 State of Hybrid Cloud Security Report“ jetzt die jüngste Ausgabe seiner jährlichen Benchmark-Studie zum Status Quo der Sicherheitslandschaft in der Cloud. Diese zeigt die größten Herausforderungen auf, denen Unternehmen beim schnellen Wechsel auf öffentliche Cloud-Umgebungen gegenüberstehen. Laut den über 500 Befragten, von denen 14 Prozent zur obersten Führungsebene zählten, lässt sich der Sicherheitsstatus von Infrastrukturen bei zunehmender Komplexität schwerer überblicken. Zudem gaben sie an, dass für das Thema IT-Security zuständige Teams immer kleiner werden und die für Absicherungsmaßnahmen bereitstehenden Budgets auf gleichbleibend niedrigem Niveau stagnieren. Zusammengenommen steige dadurch das Risiko, Datenverluste zu erleiden. Ein weiterer Schwerpunkt der Untersuchung lag darauf, mehr über die von Unternehmen im Zeitalter des digitalen Wandels angestoßenen Cloud-Security-Initiativen zu erfahren.
The complexity and scope of cloud environments creates security problems
As a result of the ever faster switch to public and hybrid cloud environments and the associated increasing network complexity, companies are facing new security risks. According to 18 percent of the executives surveyed, this is partly due to the fact that the overview necessary to protect the cloud systems is missing. An effective safeguard requires cooperation with a larger number of manufacturers and more enforcement points.
Further results of the 2020 FireMon State of Hybrid Cloud Security Report :
- The implementation of effective security measures lags behind the rapid development of business processes.
- As in 2019, almost 60 percent of those surveyed are able to provide business services in the cloud more quickly than securing the networks. So no improvements have been made in this area, which is considered an important indicator of progress in the industry.
- Almost half of all respondents are now traveling in two or more public cloud environments. This increases the complexity to be mastered, while at the same time there is a lack of an overall overview of the security status. In order to optimally protect the infrastructures, companies are now using solutions from more and more providers. In addition, 78.2 percent of companies use two or more enforcement points. This corresponds to an increase compared to 2019: here the value was still 59 percent.
Budget and personnel cuts lead to incomplete protection
Given the growing number of cyber threats and ongoing data breaches, one might think that companies are increasing their IT security budgets and teams. According to the FireMon study, however, the opposite is the case. Compared to 2019, the funds made available for security measures fell, and jobs were cut. If there is a lack of financial and human resources, however, public and hybrid cloud infrastructures cannot be fully secured.
- Security risk : budget cut : In 2019, 57.5 percent of the companies surveyed spent less than 25 percent of their total IT security budget on securing cloud infrastructures. In the meantime, their number has increased by 20.7 percentage points to 78.2 percent. 44.8 percent of them even take less than ten percent of the total amount at their disposal.
- As a rule, understaffed and chronically overloaded IT security teams : Although cloud infrastructures offer an ever larger attack surface for cyber attacks and the potential for data breaches increases, companies are reducing the number of IT security employees. Compared to 2019 (52 percent), 69.5 percent of the companies surveyed now work with teams that are not even ten strong. At 45.2 percent, which is significantly more than before (28.5 percent), this even consists of fewer than five employees.
Lack of automation and integration of third-party solutions
Misconfigurations in the cloud due to human blunders are still the biggest vulnerability that can be exploited for data breaches. Although the automation of security processes remedies this, there is obviously a need to catch up in this area. After all, 65.4 percent of the companies surveyed continue to use manual processes to manage hybrid cloud environments.
- Almost a third of respondents consider misconfigurations and human error to be the greatest danger that threatens their hybrid cloud environment. Nevertheless, the automated management of the infrastructure sounds like a dream for most of them. This can be seen from the fact that 73.5 percent do security management manually in hybrid environments.
- The effective protection of hybrid cloud environments often fails because the various security tools used for this purpose do not interact and, as a result, processes cannot be fully automated. The lack of integration and the resulting lack of provision of central or global information therefore see 24.5 percent of those surveyed as the greatest challenge for their already resource-poor IT teams when it comes to managing the numerous applications.
Automated network security tools, stable API structures and public cloud integrations pay off on many levels. They ensure that companies can monitor all environments in real time, thereby solving the problems previously associated with manual tasks, increasing network complexity and a lack of an overall view. With the automation of processes, financial resources and employees can be freed up for strategically more important projects, which means that budget and personnel cuts are less important.
Quote Tim Woods, Vice President Technical Alliances, FireMon
“The digital change is unstoppable. Transformation initiatives, including migration to cloud infrastructures, are picking up speed around the world. In order to keep the resulting network complexity in check and to secure environments consistently and comprehensively, companies rely on solutions that provide visibility. In this respect, it is shocking to see that security processes in cloud environments are usually not yet automated. Particularly in view of the escalating risk of misconfigurations as soon as the funds required to secure the infrastructure are cut. Our current study on the state of security in hybrid cloud environments makes it clear