As an trade, we’re now at a degree the place we do not have to persuade anybody that we’ve a large digital dependence on cloud applied sciences and that securing cloud deployments is a key initiative for many organizations. There’s widespread availability of cloud safety posture administration (CSPM) tooling — commercial- and community-driven alike — and CSPM itself is being included into new tooling coming underneath the heading of cloud-native software safety platforms (CNAPP).
Many cloud safety conversations focus totally on ensuring clouds are configured correctly, however there’s rather more to cloud safety than that. Very similar to conventional safety is rather more than patching, there’s extra to cloud safety than configuration.
As we analyze cloud safety developments, we just lately collected survey information underneath our Omdia Choice Makers survey and located attention-grabbing outcomes that spotlight these conclusions.
The determine under plots responses to the query “What are your prime issues in relation to cloud safety?” The bars on the left present the mixture view (n=186). We are able to clearly see a serious concern with price of safety tooling, then different issues aggregated collectively, together with safety tooling performance, responding to occasions, information safety, and others.
That stated, we additionally segmented the inhabitants into two teams based mostly on their response to a earlier query about how superior their deployments of CSPM instruments have been. Our ongoing trade interactions with a number of stakeholders level to CSPM instruments as the kind of software most frequently related to “cloud safety” conversations, so we selected CSPM deployment expertise as a proxy for cloud expertise. Statistician George Field is legendary for saying “all fashions are unsuitable, however some are helpful,” which we expect is related right here; there is no implication of causation, however some attention-grabbing variations present up within the response information.
For people who have what we contemplate “low” expertise with cloud safety (n=61) by advantage of getting CSPM deployments within the pilot or proof-of-concept stage, issues round price are much more pronounced, as are issues about cloud permissions and a slight bump for issues about compliance.
For people who have extra cloud safety expertise (n=54) — people who responded that they’ve deployed CSPM in widespread manufacturing use —responses shifted considerably. Now, issues about information safety are rather more pronounced, as are issues about how one can reply shortly to incidents, with extra notable issues concerning the ever-present abilities hole by way of cloud applied sciences.
Heightened Considerations
Our interpretation of this information is that clients are certainly seeing worth from the CSPM tooling for configurations and compliance, however they now have heightened issues on information safety, safety operations, and ensuring their groups are expert in cloud applied sciences. These issues are already lurking within the shadows, and as soon as CSPM clears the way in which of dealing with the extra seen safety configuration/compliance issues, these points come to the forefront.
The responses uncovered right here level to attention-grabbing instructions for future inquiry. It’s more and more clear that information safety presents a key space of concern. What are the methods one will get to information? A method is through direct entry to the info shops themselves. That is the provenance of cloud configuration (CSPM) and the more and more in style DSPM (information safety posture administration) class. One other is getting entry through the very APIs offered by the corporate; this then leads down a path of paying shut consideration to API safety.
For safety operations, the trail ahead seems to incorporate extra issues about how one can incorporate cloud safety use instances in SOC response flows. Dubbed cloud detection and response (CDR), that is additionally a promising space of analysis that we’re watching.
For finish customers, this implies being prepared to handle these classes quickly. For distributors, perceive that there’s rather more to buyer demand for cloud safety than CSPM — and even CNAPP — alone.
