A global survey conducted by Coleman Parkes for Dynatrace has found that muticloud deployments are making IT security more complex.
The survey, based on a poll of 1,300 chief information security officers (CISOs) in organisations with more than 1,000 employees, reported that, in spite of having a multi-layered approach to IT security, three-quarters of CISOs (75%) are worried that too many application vulnerabilities leak into production.
When asked to rank their top three concerns, 43% of CISOs cited security of data, 33% named managing data in the cloud, while 31% worried about their ability to meet future digital needs.
According to Dynatrace, the majority of organisations are spending more on public cloud deployments, with 95% seeing increased movement of infrastructure to the cloud as “inevitable”. On average, respondents claimed they were more than halfway towards meeting their goals in moving to the public cloud.
Of the 1,300 CISOs who took part in the survey, 95% said they wanted a clear majority of their IT spend to be in the public cloud by 2025. However, the survey reported that more than one-third of enterprises claimed cloud services adopted in the past three years had not fully met expectations.
Over two-thirds (69%) of CISOs said vulnerability management has become more difficult as the need to accelerate digital transformation has increased. The survey also found that, on average, application security teams waste 28% of their time on vulnerability management tasks that could be automated. In fact, 79% of CISOs said continuous runtime vulnerability management was an essential capability to keep up with the expanding complexity of modern multicloud environments.
According to Dynatrace, to deliver on its promised benefits and avoid either repeating issues that have plagued on-premise infrastructure or creating new issues of its own, cloud needs the right approach. It recommended that IT decision-makers choose services that embrace the agility and scalability that the cloud offers, instead of those that try to force users down a rigid path.
Dynatrace also recommended that users should have maximum control over setup and infrastructure, with the freedom to choose their own management strategies and tools that will allow them to provide the best service for themselves and their customers, without incurring additional costs.
“Organisations realise that to manage vulnerabilities in the cloud-native era effectively, security must become a shared responsibility,” said Bernd Greifeneder, chief technology officer at Dynatrace. “The convergence of observability and security is critical to providing development, operations and security teams with the context needed to understand how their applications are connected, where the vulnerabilities lie, and which need to be prioritised. This accelerates risk management and incident response.”