CloudPassage Survey: Exponential Server Growth, Dynamics of Cloud Increase Attackable Surface Area and Risk

CloudPassage today announced the results of a survey revealing the impact of cloud deployment on enterprise security risk. The company surveyed information security professionals attending the Black Hat 2016 Conference and found that the agility, scalability and dynamic nature of the cloud has increased the number of server workloads and attackable surface area that require protection and monitoring. At the same time, security staff sizes remain the same, and many are still not automating security controls on cloud workloads.

Key Findings

• An overwhelming number (94 percent) of respondents noted that when moving from traditional data centers to a cloud infrastructure environment, they increased the number of server workloads (and, thus, their attackable surface area) by a factor of two to 100 times.

• Of those who reported an increase in the number of server workloads when they moved to the cloud, a third of respondents (33 percent) reported they doubled the number of server instances from the number in their traditional data centers. A quarter (25 percent) reported the number of server instances to be five times higher in the cloud than in their traditional data centers.

• 95 percent of respondents noted that they must create, modify or retire server workloads anywhere from two to 100 times more frequently in cloud infrastructure environments than in their traditional data centers.

• 85 percent of IT security professionals said security team hiring has not kept pace with the rate at which new server workloads are created, changed or retired in the cloud.

• Only 28 percent of respondents are leveraging a full suite of tools that enable them to secure and audit cloud server workloads automatically when configuring and deploying them; 37 percent have some security automation tools for configuration and deployment, but another 35 percent are not automating security for configuration or deployment at all.

• The majority of respondents (62 percent) reported they are beginning to automate some or all of the tools they use to secure and audit workloads in cloud infrastructure environments. Respondents said the security tools they most commonly automate are: firewalls and segmentation tools (19 percent) and intrusion detection tools (18 percent).

ÒAdopting cloud infrastructure and agile application delivery creates exponential growth in server workloads, meaning more potentially attackable surface area and more security management overhead,Ó said Carson Sweet, co-founder and chief technology officer of CloudPassage. ÒAt the same time, organizations rarely increase the size of their security teams at all, much less enough to keep up with the higher scale and pace. While organizations have started to understand that cloud infrastructure can deliver faster development, deployment, and innovation cycles, many are not thinking about the related impact to security operations. It only takes one compromise to derail adoption of these new technologies and wreck the value they otherwise could have added. We hope enterprises seek to protect these investments sooner than later by enabling security thatÕs dynamic, automated and on-demandÉin other words, agile security that can harmonize with more broadly agile IT delivery models.Ó

 

About Fidelis Cybersecurity

Fidelis Cybersecurity combats the full spectrum of cyber-crime, data theft and espionage. A leading provider of threat detection, hunting and response solutions, Fidelis provides full visibility across hybrid environments, automates threat and data theft detection, empowers threat hunting, and optimizes incident response with context, speed and accuracy. Fidelis is trusted by Global 1000s and Governments as their last line of defense.

The Fidelis Elevate® platform captures rich metadata from across the threat landscape and combines that content to enable real-time and retrospective analysis, giving security teams the platform to effectively hunt for threats in their environment.

For more information go to www.fidelissecurity.com. Fidelis Cybersecurity is a portfolio company of Skyview Capital.