Partner content
Why security pros are frustrated with cloud security
Companies are struggling to keep up with cloud security, with 55% of security professionals believing at least half their time is wasted, in part because security event data is of uneven quality, which leads to false positives, according to a new report.
According to the report by cloud automation firm Lacework, based on a survey of 500 security practitioners and 200 executives, the vast majority of respondents regularly have to deal with at least a 20% false-positive rate and a third deal with a 50% false-positive rate. The analysts are not alone: Only a third of developers believe that the time spent on security is meaningful, according to the survey.
The outlook of security analysts should be a sign for organizations that they need to change the way they’re securing cloud infrastructure and services, says Mark Nunnikhoven, distinguished cloud strategist at Lacework.
“There is always security work to be done, so if people are doing work that they are finding not meaningful, we need to get the right information to them at the right time so they can do security,” he says. “There is a big disconnect between how organizations view the cloud, how they are using the cloud to try to move forward and innovate faster, and how security is struggling to keep up with traditional approaches.”
COVID to Cloud
Following the start of the coronavirus pandemic, organizations quickly moved operations to the cloud to support their now-distributed workforce. But after two years, companies still have a way to go before moving all of their operations to the cloud, as less than half of respondents (46%) to the Lacework survey considered their most important applications to be cloud-native. However, security professionals see cloud as the future, with almost all believing that every new digital workload will be deployed to a cloud-native platform in 2025.
Yet the shortage of meaningful data from the cloud means that companies lack visibility into their cloud services, infrastructure, and workloads. Gaining that visibility in real-time security, so-called “observability,” will be a key challenge for cloud-native companies, says Jeff Pollard, vice president and principal analyst at Forrester Research, a market research firm.
To read the complete article, visit Dark Reading.
Im sure I will get lots of push back, but anything that operates on the internet is always going to be vulnerable from a security aspect. For every countermeasure, there is a way around it. Companies need to keep critical systems isolated from the internet completely–not just with a firewall but with an unplugged cable!