Appgate Cybersecurity, October 4, 2022
Is Your Security Strategy Keeping Up With Your Cloud Transformation?
Cloud adoption is nearly universal today and increasingly diverse. However, hybrid cloud and multi-cloud environments add complexity across a network’s security ecosystem. In fact, Ponemon Institute’s Global Study on Zero Trust Security for the Cloud reports that only 40% of IT decision makers and security professionals are confident their organization can ensure secure cloud access.
Traditional security tools aren’t working and there is a lack of coordination between IT, security and DevOps teams, while DevOps and transformation initiatives are moving quicker than ever. According to the Ponemon cloud security survey, sponsored by Appgate, 90% of respondents will have adopted DevOps and 87% will have adopted containers within the next three years, but modern security practices aren’t as widespread.
With innovation clearly outpacing security measures, many organizations are taking on unintended risks. Nearly half (45%) of the breaches from IBM’s Cost of a Data Breach Report 2022 occurred in the cloud. Organizations need a modern security strategy that provides adequate protection in private, public and multi-cloud environments.
Familiar security issues in the cloud
Many common network security risks are also prevalent in the cloud, but most organizations are struggling to secure these environments. Network monitoring and visibility (48%), in-house expertise (45%) and an increased attack vector with more exposed resources (38%) are the top three challenges of cloud security, according to the Ponemon study.
The cloud adds complexity because there is a shared responsibility for security with the cloud provider, but too many organizations don’t understand this gap and can’t hold up their end of the bargain. Cloud providers make frequent changes and updates and organizations that don’t have proper security controls or visibility into those changes end up less secure than they think.
Organizations are migrating to the cloud to increase efficiency and reduce costs, but many organizations can’t realize those benefits and properly secure their users and data. Only 42% of respondents in our survey can confidently segment their environments and apply the principle of least privilege access, and nearly a third say that there is no collaboration between IT, security and DevOps—presenting a significant risk.
Traditional, siloed secure access solutions, such as VPNs and NACs, don’t scale or offer adequate cloud protection. Instead, they impede user and developer productivity, which is antithetical to the agility benefits of moving to cloud environments.
Zero Trust access protects clouds, too
Secure cloud access should be a top business priority for any organization. According to our study, the top two security practices for achieving secure cloud access are enforcing least privilege access (62%) and evaluating identity, device posture and contextual risk as authentication criteria (56%). Both are core components of Zero Trust security.
Solutions built on Zero Trust principles, like Zero Trust Network Access (ZTNA), have skyrocketed in popularity over the last two years for their ability to secure remote access during the pandemic. But ZTNA use cases go much further to secure all user-to-workload and workload-to-workload connections no matter where they reside.
And the proven operational benefits of applying Zero Trust security across your full enterprise network are numerous. Respondents in the Ponemon cloud study who have adopted a Zero Trust strategy report other benefits, such as increased productivity of the IT security team (65%), stronger authentication using identity and risk posture (61%), increased productivity for DevOps (58%) and greater network visibility and automation capabilities (58%). The additional benefits suggest that Zero Trust can drive significant productivity gains and accelerate digital transformation in addition to safeguarding cloud environments.
Looking past the Zero Trust myths
It’s true that Zero Trust isn’t universal yet. And, unfortunately, many cybersecurity vendors have hijacked the term without really delivering, which leads some to believe that Zero Trust is a marketing buzzword rather than a comprehensive security paradigm. This notion is reflected in our cloud study with Ponemon as 53% of respondents say they don’t plan to adopt Zero Trust and believe the term is “just about marketing.” However, many of those respondents also highlight ZTNA capabilities as being essential to protect cloud resources—pointing to confusion around what Zero Trust actually means.
It’s not a marketing term or a product that you can buy and install. It’s a cybersecurity framework that you adopt, and you shouldn’t wait until your cloud transformation has reached maturity to add Zero Trust security principles to the mix. Frankly, your data and users are too important and add extra network risk and vulnerabilities, especially as cloud usage continues its upward trajectory.
With ZTNA, controls can be applied seamlessly across an entire heterogeneous environment, whether in the cloud, on-premises or remote. When implemented correctly, a Zero Trust security strategy can drive meaningful efficiency and innovation for both the security and business sides of an organization.
Additional Zero Trust cloud security resources
Ponemon report: 2022 Global Study on Zero Trust Security for the Cloud
Podcast: Perspectives on Zero Trust Security for the Cloud with Dr. Larry Ponemon
Video: Zero Trust, Zero BS with Jason Garbis, CPO
Infographic: Zero Trust Access for Cloud