Most security professionals say complex disks need to be “future-proof” in multi-cloud environments
A new study from Delinea found that 59% of respondents say the increased complexity of multi-cloud environments is driving the need for future-proof access security.
The report, released Wednesday, was based on 300 responses from IT decision makers and found that 86% of respondents were exploring ways to automate access controls, particularly for privileged access. Even though 68% of respondents are experiencing an increase in their budgets and staff, they continue to face growing threats from an expanding threat landscape that poses challenges to their teams.
Other important findings of the study include:
- 71% are confident they can recover quickly from a cyberattack.
- 69% think their current approach to privileged access is either very mature or mature.
- 89% monitor and can alert to unauthorized privileged activity.
“This report presents a puzzle, as respondents feel confident in their current cybersecurity posture, despite a significant number of breaches caused by compromised credentials,” said Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea. “Yet they also realize that the way to future-proof their organizations is through cloud automation, which for the most part presents a dynamic shift in approach, investments, and resources.”
Delinea research noted that as the cloud environment grows and becomes more complex, security teams are challenged to keep pace with this growth and complexity, said Avishai Avivi, CISO at SafeBreach. Avivi agreed that in the face of this complexity, security teams should look to future-proof technology.
“Research also suggests that today’s security technology may not keep pace with the complex cloud environment already in place,” Avivi said. “We agree with this recommendation and fully support the need to take advantage of technology that evolves with the cloud and enables enterprises to test their security posture even with this rapidly changing cloud environment.”
Charles “Chuck” Everette, director of cybersecurity promotion at Deep Instinct, added that while the idea of cloud automation is not new, it is difficult to implement and enforce due to environments. multi-cloud and hybrid computing. Everette said these automation tools must have access to all environments, but the question is who validates that the tools themselves are secure and have not been manipulated or breached themselves.
“Too often organizations put these kinds of controls in place and assume they’ll work forever,” Everette said. “It is critical that we are never satisfied with security, we need constant monitoring, auditing and validation.”
Jasmine Henry, director of field security at JupiterOne, said the 69% of Delinea respondents who believe they have a very mature or mature privileged access management approach might represent an overestimate of respondents’ maturity.
“Security automation is needed at every stage of the asset lifecycle, from creation to destruction of assets,” Henry said. “Security teams need automation to identify new assets and map asset relationships to understand the impact of real-time changes on risk. Security teams should also integrate automated security into the DevOps pipeline, so it’s easy for product engineers to define secure settings for assets at build time, such as default encryption or data classification. .