What cloud security gaps do organizations need to address now?
C-suite executives should not expect the pace of decision-making to slow as the pandemic continues. Network migrations to the cloud, which likely would have taken place over five years, will be compressed into much shorter time spans. In the race to move digital assets to the cloud, most organizations did not have time to ensure basic network security compliance. More than 30% of surveyed respondents said that they rely on their third-party providers to certify security management services.
Although the cloud enables organizations to respond rapidly to pandemic-related issues and market opportunities, the decentralized nature of this model adds complexity to how applications and computing resources are secured.
Who Secures What?
Organizations cannot simply move their critical business infrastructure and applications to the public cloud and assume that the hosting partner will take care of security. Cloud providers typically deliver the same standardized security across their customer base, essentially a “checkbox level” offering that meets basic requirements but does not meet the specialized needs of a specific enterprise.
This depends on the nature of the application and the enterprise’s readiness to move to the cloud as is or needing to be transformed into a cloud-native architecture. Organizations may assume that cloud providers are securing their digital assets without realizing how many gaps exist in the broadened attack surface.
To understand where the gaps exist in public cloud network security, organizations need visibility across all the different platforms from one holistic solution that enables management of the security posture by utilizing one common language. The goal is to be able to:
- Prevent attacks by reducing the size of the attack surface
- Detect and identify evolving threats
- Respond with accurate and effective mitigation
As network architectures get more complex, there is added pressure to secure the new points of attack vulnerability. Cloud environments introduce a significantly larger attack surface that requires protection from cyberattacks.
Mind the Gap
There is also a lack of visibility about which entity — the organization or the cloud service provider — is responsible for specific elements of network security.
In Radware’s 2019 State of Web Application Security Research report, 65% of the respondents said that they are not clear about security boundaries, and 53% of the respondents experienced data exposure as a result of misunderstandings with the public cloud provider regarding security responsibilities.