This is a summary of a byline article appearing on Cloud Tech on March 13, 2019.
The transition to cloud has been rapid and unprecedented. According to a report by IDG, barely half (53%) of business today is run on traditional networks, and IDG further predicts that this will drop to less than a third (31%) within the next year or so.
Of course, not even the cloud is immune to digital transformation and consolidation. The biggest indicator of this is the consolidation of the IaaS market, which is by far the largest segment of the cloud marketplace. Forrester has forecast that the six largest public cloud providers (Alibaba, AWS, Azure, Google, IBM, and Oracle) will continue to expand their presence in 2019, pushing many of the smaller providers out of the space, with Goldman-Sachs predicting that the big six cloud providers will control 84% of the market within the next year.
Other cloud markets, like storage and SaaS are also growing rapidly. Nearly every organization on the planet participates in one or more of these, whether they know it or not. Gartner studies, for example, have found that Shadow IT now comprises 30 to 40 percent of IT spending in large enterprises, with the average enterprise using a staggering 1,935 different cloud services, with fewer than 50 of them known to IT. And according to IBM, of the more than 20,000 cloud services in use today, only 8.1 percent meet the strict data security and privacy requirements of enterprises, while Gartner predicts that by 2020 a third of successful attacks experienced by enterprises will be on their Shadow IT resources.
The security challenge of cloud sprawl
“For many organizations, the lure of the freedom and flexibility of the cloud has caused them to adopt and deploy solutions before they have put a comprehensive security strategy in place. In fact, the majority of cloud-based spending in organizations bypasses the CIO, as lines of business are increasingly making decisions for implementing some form of cloud solution within an organization.” - Lior Cohen, Cloud Tech, 13 March 2019
And while, according to IDG, 42% of organizations now have a multi-cloud deployment in place, most organizations do not have any sort of unified system in place for monitoring, managing, or securing their legitimate cloud applications and infrastructures, let alone those that have been adopted by users without IT’s knowledge.
At the same time, failing to address the security challenges of such dramatic cloud sprawl puts your organization at serious risk. Getting out in front of this challenge requires security teams to develop a two-pronged campaign that focuses on human intervention and the adoption of new technologies.
Security leaders need to begin by educating corporate executives, line of business leaders, and users on the risks associated with unsupervised cloud adoption. At the same time, IT teams cannot afford to be seen as restricting business. Your job is to educate users on the range of solutions that meet their needs and that can also be easily integrated into your existing IT security strategy.
Organizations also need to put technical strategy in place to control the cloud sprawl security issues:
Without comprehensive security policies and solutions in place, cloud adoption can introduce more risk and overhead than most IT teams can absorb. Security leadership teams need to combat this tendency by combining integrated security with a corporate climate committed to proactively protecting cloud-based resources.
This is a summary of an article entitled, “Addressing cloud sprawl: Combining security best practices with business foundations” that first appearing on Cloud Tech on March 13, 2019.
Read more about how Fortinet secures multi-cloud environments with our Security Fabric.