By Lior Cohen | January 10, 2019
Migration to cloud-based compute and services platforms has allowed organizations to quickly adapt to the global transition to a digital economy. The ability to quickly spin up resources, adopt new applications, and respond in real time to end user and consumer demands allows organizations to compete effectively in today’s new digital marketplace. The result has been astounding. In just a few years, over 80% of enterprises have adopted two or more public cloud infrastructure providers, and nearly two-thirds are using three or more.
Growing Cloud Challenges
While the business advantages are significant, this rapid migration is also introducing complexities and risks that few organizations have adequately prepared for—right at a time when the cybersecurity skills gap is dangerously wide, and cybercriminals are more capable of exploiting vulnerabilities than ever before. Here are a few of the challenges that unchecked cloud adoption has introduced:
- New Cloud services are being adopted and used every day. However, it turns out that it is much easier to deploy a cloud application than to decommission it, so organizations are finding that cloud-based applications and services are piling up, making them increasingly difficult to manage and secure.
- The adoption of cloud-based applications and services is remarkably easy. Literally anyone across the organization can source a new cloud service. The challenge is that service creation is often not funneled through the central IT department, resulting in the creation of shadow IT. As a result, the organization has little idea of what services are being used, where corporate information is being stored, who has access to it, or what security strategies are in place to protect it.
- Complicating this further, adoption of these services is heterogeneous. Employees use different cloud services from different providers, and these different providers all offer different security tools, different native security controls, and different levels of security. This can make it extremely difficult to impose any sort of consistency to security policy distribution, orchestration, or enforcement.