DivvyCloud, are a major provider of security and compliance automation for public cloud and container infrastructure. Containerization allows evelopment teams to move fast, deploy software efficiently, and operate at a greater scale. The company has released its “2019 State of Enterprise Cloud and Container Adoption and Security” report, containing information drawn from surveying around 2,000 enterprise IT professionals. The focus of the survey concerns the adoption by enterprises of cloud and container services. The report also contains the perceptions of I.T. professionals about the security risks associated with running such services.
The headline findings are that many organizations are typically running 40 percent of their workloads in the public cloud (most companies operate two or more public clouds). This increased number of clouds creates more complexity to effectively maintain security and compliance. Most others are either already at different stages of implementing cloud, or they plan to adopt a public cloud during the next twelve months. However, few of the respondents identified the greater risk of misconfigurations that can occur with a public cloud in contrast to traditional IT environments.
In terms of the main security risk highlighted, 57 percent of respondents cited data breaches as their biggest cloud and container security concern, while 44 percent cited misconfigurations. Others concerns mentioned were visibility and transparency (36 percent); followed by, weak authentication (36 percent), user and permission management (also 36 percent), loss of control (35 percent), abuse of cloud services (28 percent), insecure interfaces and APIs (25 percent), lack of forensic data (18 percent) and automated response (11 percent).
Generally the responses demonstrated insufficient understanding of the security challenges required for protecting data in the public cloud. The report also revealed that over one-third of respondents were unclear which standards were relevant to the governance of their organization’s cloud and container environments.
The trends also demonstrated that organizations are quickly embracing self-service cloud access for developers and engineers. While this process drives innovation, the report finds that it also compounds potential security and compliance complications.
According to Brian Johnson, CEO and co-founder of DivvyCloud: “Companies should feel empowered to embrace these tools, but it is essential that they have a true understanding of the compliance and security implications, and employ the people, processes and systems needed to maintain a strong security posture.”
