Enterprise IT has embraced the multicloud model, with surveys showing that nearly all organizations now use multiple cloud providers as well as numerous cloud-based solutions.

Indeed, analyst firm IDC expects more than 90% of enterprises worldwide to have multiple public clouds by 2022. The 2020 State of the Cloud Report from Flexera, a provider of IT management solutions, found that 93% of enterprises have a multicloud strategy — up from 81% two years ago — with respondents now using an average of 2.2 public clouds and 2.2 private clouds.

But the expanding mix of public and private clouds as well as software-as-a-service applications within the typical enterprise has also given rise to growing security concerns. Some 83% of enterprises surveyed by Flexera listed security as a challenge — ahead of concerns about managing cloud spend (listed by 82%) and governance (cited by 79%).

“The challenge that multicloud presents to security teams continues to grow. The number of services that are being released, the new ways of interacting, the interconnecting of services and systems, all of that continues to advance and all of these add new complexities into the enterprise security model,” says Randy Armknecht, a managing director and the emerging technologies and global cloud practice leader at consulting firm Protiviti.

Randy Armknecht, managing director and emerging technologies and global cloud practice leader, ProtiRandy Armknecht, Protiviti

The high level of concern over securing the multicloud environment is not surprising, as CISOs have seen the scope of what they must protect move from the infrastructure confined within the enterprise to a mesh of compute resources spread across various vendors offering differing levels of both services and security assurances. This vast and boundless environment creates a larger surface for malware attacks, data breaches, compliance/regulatory violations and resiliency issues. It is because of this added complexity that multicloud is becoming an attack vector, says Sai Gadia, a partner in KPMG’s Technology Risk practice. “And if there is any loophole in your classic people, process or technology, then bad actors are looking to exploit that.”

Compounding complexity

The typical enterprise IT infrastructure and solutions stack today includes not only public and private cloud deployments but also an average of 288 different SaaS offerings, according to the 2020 SaaS Trends report from tech vendor Blissfully. (That’s in addition to legacy technologies in many cases, too.)

Copyright © 2020 IDG Communications, Inc.

Source link

By admin