Companies Lack Capabilities to Secure Cloud Infrastructure: Report

Most of the organizations that spend at least $1 million each year on cloud infrastructure are operating at the lowest level of cloud security maturity, a report finds.

Nathan Eddy, Contributor

October 25, 2022

2 Min Read
drawing business and 3d laptop. Cloud computing concept. Isolated on white background
Zoonar GmbH / Alamy Stock Photo

Businesses lack dedicated security teams focused specifically on protecting cloud resources from threats, and most organizations are in an entry-level phase in terms of their overall cloud security capabilities.

These were among the findings of an Osterman Research survey, sponsored by cloud infrastructure security company Ermetic, of 326 organizations in North America with 500 or more employees and that spend a minimum of $1 million or more each year on cloud infrastructure.

The study found that 56% of organizations are spending at least $10 million each year on cloud infrastructure, but 80% of organizations do not have a dedicated cloud security team or leader to secure its cloud infrastructure.

"Protecting cloud resources is a unique skill set in comparison to legacy IT security. Legacy skill sets, mindsets, and certifications have not kept pace with the security demands of our cloud-native environments."

— Jasmine Henry, field security director, JupiterOne

Moreover, only 5% of survey respondents currently meet the standards of the highest level —Automated & Integrated — of Ermetic's cloud security maturity model, which defines the key guidelines for a comprehensive security strategy, while 93% of large organizations are only at the low levels of cloud security maturity.

Related:Amazon to Create a Cloud Infrastructure Region in Western Canada

More than half (57%) of organizations adopting a multicloud strategy said they are

operating at the lowest level of cloud security maturity.

Related: The State of Cloud Security

The survey indicated that with each additional cloud, maturity of cloud security practices seems to get increasingly stuck at the "ad hoc" level.

Why Dedicated Cloud Security Team Is a Must to Secure Cloud Infrastructure

A dedicated security team is crucial for protecting cloud resources and services, since hundreds of services need to be protected and each service is a potential attack surface for hackers, according to Igal Gofman, head of research for Ermetic.

"Access management around resources is a complex task and requires deep knowledge of each vendor's access model," he said.

Gofman pointed out that cloud services can be easily accessed from anywhere and are an easy target for attackers since many have excessive permissions.

Please continue reading on our sister site ITPro Today.

About the Author

Nathan Eddy

Nathan Eddy

Contributor

Nathan Eddy is a freelance writer for ITProToday and covers various IT trends and topics across wide variety of industries. A graduate of Northwestern University’s Medill School of Journalism, he is also a documentary filmmaker specializing in architecture and urban planning. He currently lives in Berlin, Germany.

See more from Nathan Eddy
Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

Image of the White House and a database computing icon
Regulations
How a Second Trump Presidency Could Shape the Data Center Industry
How a Second Trump Presidency Could Shape the Data Center Industry

Nov 12, 2024

Malaysia is on the path to become a powerhouse in the Asian data center market
Data Center Site Selection
Malaysia’s Data Center Bet: New Planning Guidelines Set to Drive Growth
Malaysia’s Data Center Bet: New Planning Guidelines Set to Drive Growth

Nov 11, 2024

New data center regulations are emerging globally, with new standards for sustainability and resilience shaping the industry’s future.
Regulations
Data Center Regulation Trends to Watch in 2025
Data Center Regulation Trends to Watch in 2025

Nov 6, 2024

Exclusive DCK Resources
See all DCK Resources

Industry Voices

old letters formatting the world hybrid in yellow
Data Center Infrastructure Management
Key Lessons for Going Hybrid with Your Digital Infrastructure
Key Lessons for Going Hybrid with Your Digital Infrastructure

Nov 14, 2024

Energy & Power Supply
Drax Explores Options to Sell Biomass Power to UK Data Center
Drax Explores Options to Sell Biomass Power to UK Data Center

Nov 13, 2024

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

Featured Technical Explainers

Data center server configuration command lines on a computer monitor.
Open Source Software
Optimize Text Search: Master the grep Command in Linux
Optimize Text Search: Master the grep Command in Linux
Data center ETF stock chart illustration
Investing
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio
Data center storage trends in 2024
Data Storage
Watch: Data Center Storage Trends in 2024
Watch: Data Center Storage Trends in 2024