DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
  • 5 Key Performance Metrics to Track in 2023
  • Debunking Myths About Reliability
  • New Relic Bets on AI to Advance Observability
  • Vega Cloud Commits to Reducing Cloud Costs

Home » Features » Cloud Visibility: The Security Achilles Heel

Cloud Visibility: The Security Achilles Heel

By: Ericka Chickowski on September 30, 2015 2 Comments

As organizations accelerate their DevOps practices and move toward continuous delivery, cloud adoption plays a pivotal role. But visibility into cloud infrastructure and provider practices will remain a security Achilles heel until businesses can get better monitoring and insight into public cloud assets. According to a new survey out by the SANS Institute, even as the amount of sensitive data housed in public cloud infrastructure explodes, many organizations haven’t found a way to lick the visibility problem.

Recent Posts By Ericka Chickowski
  • 5 Ways DevSecOps Can Manage Software Supply Chains
  • 4 Traits of High-Performance Digital Leaders
  • Are Self-Service Machine Learning Models the Future of AI Integration?
More from Ericka Chickowski
Related Posts
  • Cloud Visibility: The Security Achilles Heel
  • How to align your DevOps and Cloud Initiatives
  • JumpCloud Introduces Directory-as-a-Service
    Related Categories
  • Features
    Related Topics
  • Cloud Security
  • SANS
Show more
Show less

Sponsored by CloudPassage and conducted among nearly 500 IT professionals, the survey showed that both PaaS and IaaS are on a huge upswing. In the next 12 months organizations report that they will approximately double usage of both models. IaaS in particular shows the biggest growth among cloud usage models, as 29 percent of organizations report they’ll deploy IaaS for the first time in the next year. Among the major drivers for this growth, 61 percent of organizations said time to deployment was key, while 54 percent said they were moving to the cloud because they can’t scale their own solutions.

TechStrong Con 2023Sponsorships Available

In those cloud deployments, well over half of organizations are processing or storing sensitive data in their public cloud environments or aren’t sure if they have sensitive data in the cloud. At least one in five organizations said they use the cloud to store or process intellectual property, customer financial information or health records. Meanwhile, 52 percent said they used the cloud to store and process business intelligence data, while 48 percent store or process employee records.

Visibility concerns trump all others when organizations related their problems with cloud adoption—nearly 60 percent reported having issues with a lack of visibility into service provider operations. Nearly half of organizations related they had issues getting proper incident response support from providers due to visibility issues. And 46 percent reported having issues with VM and workload visibility. While not quite as widespread as general visibility woes, a quarter of organizations reported that provider-introduced vulnerabilities resulted in a breach or incident. Unfortunately, organizations are more likely than not unable to test for these kind of issues proactively. Only about 24 percent of organizations work with providers that allow them to do penetration testing on their public cloud assets.

Diving deeper into this issue, one of the big problems is the inability for organizations to fold their cloud operations into overall security monitoring and management—37 percent of organizations reported there’s just a lack of consistent security controls that integrate with on-premises tools and security management.

“The biggest issue, which goes back to the problem of visibility into internal cloud provider operations, is the lack of access to log files and other forensic artifacts, experienced by 53% of respondents,” says the report’s author, Dave Shackleford. He recommends that as organizations evaluate their public cloud relationships, they consider controls like logging, multifactor authentication, encryption and compatibility with security products that work natively within that cloud infrastructure.

Filed Under: Features Tagged With: Cloud Security, SANS

« The business benefits of DevOps
Adding users to Google Apps quickly »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

https://webinars.devops.com/overcoming-business-challenges-with-automation-of-sap-processes
Tuesday, April 4, 2023 - 11:00 am EDT
Key Strategies for a Secure and Productive Hybrid Workforce
Tuesday, April 4, 2023 - 1:00 pm EDT
Using Value Stream Automation Patterns and Analytics to Accelerate DevOps
Thursday, April 6, 2023 - 1:00 pm EDT

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
March 31, 2023 | Richi Jennings
5 Key Performance Metrics to Track in 2023
March 31, 2023 | Sarah Guthals
Debunking Myths About Reliability
March 31, 2023 | Kit Merker
New Relic Bets on AI to Advance Observability
March 30, 2023 | Mike Vizard
Vega Cloud Commits to Reducing Cloud Costs
March 30, 2023 | Mike Vizard

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

Don’t Make Big Tech’s Mistakes: Build Leaner IT Teams Instead
March 27, 2023 | Olivier Maes
How to Supercharge Your Engineering Teams
March 27, 2023 | Sean Knapp
Five Great DevOps Job Opportunities
March 27, 2023 | Mike Vizard
The Power of Observability: Performance and Reliability
March 29, 2023 | Javier Antich
Cloud Management Issues Are Coming to a Head
March 29, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.