Multicloud Businesses Face Higher Breach Risk

A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.

More than half of firms running multicloud environments have been hit with a data breach in the past year, compared with 24% of hybrid cloud organizations and 24% of single-cloud users.
To gain a better understanding of how the public and private sectors are engaging with the $325 billion cloud market, researchers with Nominet polled 274 CISOs, CTOs, CIOs, and other professionals responsible for cybersecurity in large organizations across the US and UK. While 61% believe the risk of a breach is the same or lower in the cloud compared with on-prem environments, it seems there is a link between the number of clouds used and risk of attack.
The majority (71%) of respondents use software-as-a-service (SaaS) and 60% use infrastructure-as-a-service (IaaS). Fewer have moved to platform-as-a-service (PaaS) or business-process-as-a-service (BPaaS). Nearly half (48%) report their organizations uses a multicloud approach, and 24% use hybrid cloud. Only 29% of respondents use cloud services from one provider. Google Cloud was the most popular (56%), followed by IBM (49%), Oracle (44%), Microsoft Azure (36%), and AWS (32%).
Businesses using a multicloud approach are both more likely to have experienced a breach and more likely to have suffered multiple breaches: Sixty-nine percent of multicloud businesses report 11 to 30 breaches, compared with 19% of single-cloud organizations and 13% of hybrid cloud users.
Nominet vice president Stuart Reed points to a tipping point in terms of cloud adoption as more businesses consider the potential risks involved. Still, 69% remain moderately, very, or extremely worried about cloud security. Most fear cybercriminal sophistication and customer data exposure; other trepidations relate to increased attack surface, Internet of Things devices, and visibility.
These concerns no longer block cloud adoption as organizations recognize the clouds potential to drive growth. I think a lot of major SaaS applications are finding their way into enterprises as a matter of course now, he says. Were beyond the point of people dipping their toe in. Organizations are beyond using one cloud; now, more of them use at least two – if not more.
There is a huge amount of choice out there in the market, from a cloud perspective, Reed says. Organizations, generally speaking, have varied requirements depending on the project [theyre] doing. A cloud service that works for one project may not work for another, for example, or have different geographical requirements. Companies solution is to use several.
The higher likelihood of a breach for multicloud businesses has less to do with the security of each provider and more to do with heightened complexity. Each new cloud service increases the number of touch points onto a network, expanding opportunities for an attacker to get in.
The traditional view of the network is becoming increasingly dissolved, he continues. The network becomes broader, wider, and more significant. The need to be able to have a good level of visibility across that is highly important.
Navigating the Complexity of Cloud
For businesses working to secure existing multicloud environments, or those considering an additional cloud provider, Reed advises taking inventory of where assets reside and understanding the full breadth of the clouds. Knowing the implications of where data passes through and how it reaches other parts of the network or the Internet is important to achieve the level of visibility and understand what normal behavior looks like in the organization.
Nearly two-thirds of respondents (63%) already outsource cloud security to managed service providers,
Nominet found
. For organizations considering outsourcing, Reed emphasizes the importance of asking the right questions. Understand what they are able to offer and the security processes and procedures in place. This creates clarity between the supplier and organization in terms of what should happen when a breach is identified and how to mitigate it.
Its the same level of diligence they need to apply to any supplier, he says.
Most (57%) respondents expect their cloud security budgets to increase, researchers found; the only industries where its expected to lower are pharmaceuticals and hospitality. Budget increases could signify a more security-conscious organization, they report, or a response to an incident. Respondents are likely to believe cloud security budgets are increasing if their organization had been hit with a cyberattack in the 12 months prior.
Related Content:
7 Biggest Cloud Security Blind Spots
3 Promising Technologies Making an Impact on Cybersecurity
Google Uncovers Massive iPhone Attack Campaign
Overburdened SOC Analysts Shift Priorities
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
It Saved Our Community: 16 Realistic Ransomware Defenses for Cities
.

Last News
▸ Tackling The TDoS Threat. ◂ Discovered: 26/12/2024 Category: security	▸ Ruby On Rails Under Attack ◂ Discovered: 26/12/2024 Category: security	▸ Recap of Recent Data Breaches ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Multicloud Businesses Face Higher Breach Risk