Even though misconfigurations in public clouds create risks to enterprise security, a new study found that more than half of IT professionals do not really understand the risks inherent in public cloud misconfigurations as well as they understand risks within their traditional IT environments.
The 2019 State of Enterprise Cloud and Container Adoption and Security report published by DivvyCloud found that despite the reality that cloud adoption is on the rise, IT professionals are unaware of the security risks associated with their organizations’ adoption of cloud and container services. In fact, less than half of participants could accurately identify that the risk of misconfiguration in public cloud is higher than the risk in traditional IT environments, the study found.
The survey of nearly 2,000 enterprise and IT professionals found that on average, 40% of organizations are running their workloads in the public cloud, with 89%t stating that they are either in various stages of cloud implementation or have plans to adopt public cloud within the next year.
Overall, the study results indicated a lack of understanding of the security challenges associated with protecting data in the public cloud. More than one-third of respondents admitted they are uncertain which governance standards are most relevant to their organization’s cloud and container environments.
Still, according to the survey, nearly two-thirds of organizations continue to embrace self-service cloud access for developers and engineers. Companies are widely relying on AWS (50%) and Microsoft Azure (37%) as their primary cloud solution, according to the report.While self-service cloud access does allow for innovation, it also creates compliance challenges and opens the door to potential security issues.
“Modern services including public cloud, containers, serverless and microservices are helping enterprises innovate quickly and maintain a competitive position in the market,” said Brian Johnson, CEO and co-founder of DivvyCloud said in a press release.
“Companies should feel empowered to embrace these tools, but it is essential that they have a true understanding of the compliance and security implications, and employ the people, processes and systems needed to maintain a strong security posture.”