Misconfigurations and limited visibility top the list of cloud concerns for enterprises, according to a study conducted by CyberRisk Alliance Business Intelligence. Underlying the report’s findings are a swath of data points that indicate growing business opportunities for both managed services providers and managed security service providers in the months ahead.
Only 27% of survey respondents said they manage their own cloud infrastructure, with 8% “fully outsourcing” the job. The study added 64% of organizations use a hybrid approach to cloud management and work with cloud providers on security.
The State of Cloud Security 2024 report underscores the opportunity for the hundreds of MSPs and MSSPs eager to adopt lucrative advanced cloud security strategies. To that end, MSPs and MSSPs are pushing hard to capitalize on the cloud security space. Recent examples include:
- MSP Rubrik, which in May unveiled Rubrik Security Cloud designed to help organizations "become more proactive in the fight against ongoing cyberattacks."
- Aqua Security released its Real-Time CSPM (cloud security posture management) solution earlier this year. The solution is designed to help security practitioners identify, prioritize and remediate their organizations' cloud security risks, according to the company.
- In May, Parablu, a data protection and management solutions provider, inked a multi-year agreement with Microsoft to co-sell its BluVault and Ransomware Defense Suite SaaS offerings. That deal includes a plan by Parablu to utilize Microsoft cloud infrastructure and services.
Proficiency Gaps Drive Outsourcing
Nearly half (46%) of the respondents to CRA Business Intelligence survey rated their cloud security proficiency as non-existent, beginner, or developing. Only 53% considered their proficiency as competent, advanced, or expert.
Survey respondents weighed in on advanced artificial intelligence assisting with some aspects of cloud security. Over half (62%) of respondents believe that AI will positively impact cloud security, though concerns about data privacy and the longevity of vendor tools remain. Eight percent said AI and machine learning will negatively or very negatively impact cloud security.
“With these technologies we have an existential threat to security. I worry greatly that without oversight we will have issues,” according to a respondent cited in the report.
Capitalizing on Customer Cloud Attitudes
While not directly singling out MSPs or MSSPs, the report demonstrates growing opportunities for both to adopt advanced cloud security strategies. The report suggests that a multi-faceted approach, encompassing governance, third-party risk management and AI-driven solutions, is essential for tackling the evolving threat landscape and aligning a strategy with potential customer needs.
Access controls and access management are the top cloud security practices used by organizations.
“Identity is usually the entry point for hackers to get into your system. They send out phishing or social engineering attempts to get identity, and if they do then they can get away with pretty much whatever they want. So we’re looking hard at identity and access management tools right now,” said one survey respondent.
Also topping the list of in-demand cloud security practices:
- Encryption or tokenization
- Employee awareness and training about cloud security
- Security services offered natively by the cloud provider
- Security frameworks and standards (e.g., ISO 27001) in cloud environments
- Zero-trust network access
- Secure app development SASE/SSE
The increasing complexity of multi-cloud deployments, which require more sophisticated and integrated security solutions, is driving enterprise to bolster cloud security solutions. By enhancing visibility, leveraging AI, and managing third-party risks effectively, service providers can help their clients navigate this complex cloud security landscape, ensuring robust protection against evolving threats.
(Download the full report Organizations tackling multi-cloud security amidst misconfigurations and poor visibility at CRA’s sister site SC Media here - registration required.)