Cloud providers aren’t delivering on security promises

Security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf.

This is being driven by the fact that 24% don’t believe their cloud environment is secure, and 43% think cloud service providers overpromised the security protection they would receive.

CISOs rely on multiple cloud providers

Cloud providers have become increasingly critical to firms, with the technology enabling workers to access files and services from any location. This has resulted in 73% of CISOs working with between 2 and 5 cloud service providers to support all the needs of their company’s workforce.

However, this vastly expanded threat surface, combined with a lack of in-house skills to secure it, means 53% of CISOs rely on a security-first mindset from their cloud providers.

Unfortunately, this has resulted in some cloud providers overinflating their security offering, leaving organizations exposed to cyber risks. As a result, CISOs are having to be much more careful about the provider they choose to partner with, with 52% stating they would avoid cloud providers based on previous security incidents.

With 44% of businesses already spending between £101,000 and £250,000 on cloud migrations in the past 12 months there is a clear need for organizations to ensure they are working with trusted partners who can meet this security need. Otherwise, companies will run the risk of having to spend more to not only move to new suppliers but also respond to the cost of a data breach.

The cost and resources needed for organizations to boost their own security skills and technology is often too prohibitive. For example, KPMG estimates the annual budget for a security operations centre (SOC) is $14.6 million, which far outstrips many companies annual budget, let alone their IT spend.

Addressing this issue requires businesses to partner with outside experts who can work as an extension to IT teams. This reduces the pressure on the company and enables organizations to access skills and technology which would be beyond their own budget. For instance, 37% of CISOs who use a channel partner in a cloud migration saw an increase in security and risk management services, and 30% gained access to advanced technology like AI.

Channel partners and MSPs help boost security

Not only do channel partners and MSPs help boost security, they can also provide stability to the perilous role of a CISO, with 92% stating it helps protect their jobs by sharing responsibility in case there is a cyber-attack.

However, despite the clear advantages to security and job stability, only 22% of CISOs use a channel partner in their cloud migration process. This is leaving many exposed to unnecessary risk from attacks or job loss.

“It is clear that many organizations are struggling when it comes to securing cloud environments. A combination of underdelivering cloud providers and a lack of in-house skills is resulting in a dangerous situation which can leave valuable company data exposed to risk. Simply adding more technology will not solve this problem,” said Clare Loveridge, VP and GM EMEA at Arctic Wolf.

“Securing the cloud is a shared responsibility between the cloud provider and the organization. While cloud providers offer good security tools it is important that you have a team of security experts to help you run the operation. Someone needs to be always on the lookout for emerging threats and be ready to respond in real time. This is why organizations can really benefit by partnering with a MSP to ensure they have the most up-to-date protection, and the relevant skills required to combat bad actors in this evolving threat landscape. Partnerships like this give customers the peace of mind, knowing that they make the most of their cloud environments safe in the knowledge they are protected,” concluded Loveridge.