Ad-hoc adoption of cloud-based services can cause headaches for cybersecurity teams, according to a new study by IBM Security.
The very ease and speed with which new cloud tools can be deployed makes it difficult for security teams to control their usage, IBM said. Basic security oversight issues are the top risk factors companies need to address to secure increasingly cloud-based operations, the study found.
“With businesses rapidly moving to the cloud to accommodate remote workforce demands, understanding the unique security challenges posed by this transition is essential for managing risk,” IBM said. “While the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources can also create complexity for IT and cybersecurity teams.”
More than a third of companies in the study purchased 30 or more types of cloud services from 16 different vendors last year alone, according to IBM.
“This distributed landscape can lead to unclear ownership of security in the cloud, policy ‘blind spots’ and potential for shadow IT to introduce vulnerabilities and misconfiguration,” IBM said.
“The cloud holds enormous potential for business efficiency and innovation, but also can create a ‘wild west’ of broader and more distributed environments for organizations to manage and secure,” said Abhijit Chakravorty, cloud security competency leader for IBM Security Services. “When done right, cloud can make security scalable and more adaptable – but first, organizations need to let go of legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation whenever possible. This starts with a clear picture of regulatory obligations and compliance mandates, as well as the unique technical and policy-driven security challenges and external threats targeting the cloud.”