Annual survey shines a spotlight on global misconceptions around the
extent of hybrid cloud blind spots, despite 93 percent predicting cloud
security attacks are on the rise
Santa Clara, Calif – June 28th, 2023 – Gigamon [5], the leader in deep
observability, today announced its Hybrid Cloud Security trends report
[6], emphasizing a significant gap between the perception and reality of
how secure organizations truly are from cyberthreats. The annual survey
of over 1,000 IT and Security leaders from across the US, EMEA,
Singapore and Australia uncovered that while surface-level confidence
around hybrid cloud security is high, with 94 percent of global
respondents stating their security tools and processes provide them with
complete visibility and insights into their IT infrastructure, the
reality is nearly one third of security breaches aren’t spotted by IT
and Security professionals.
According to Flexera, 74 percent [7] of organizations now exist in the
hybrid cloud and this infrastructure is considered the ‘norm’ by
Forrester [8] analysts. Yet it comes with a number of security concerns,
clearly recognized by respondents to the Gigamon Hybrid Cloud Security
survey; 93 percent predict cloud security attacks are only going to
increase, and 90 percent had experienced a breach in the last 18 months.
The issue is that 31 percent of breaches are being identified later down
the line, rather than preemptively using security and observability
tools – either by data appearing on the dark web, files becoming
inaccessible, or users experiencing slow application performance (likely
due to DoS or inflight exfiltration). This number rises to 48 percent in
the US, and 52 percent in Australia.
The good news is that collaboration across IT is on the rise. 96 percent
of IT and Security leaders around the world believe cloud security is
everyone’s responsibility, and almost all (99 percent) see CloudOps and
SecOps working towards a common goal. Yet there is still more to be
done, while CloudOps seems to be leading on strategy, 99 percent of
respondents claim a lack of a security-first culture means vulnerability
detection is often siloed to the SecOps team.
Unexpected Issues Keeping CISOs up at Night
The Gigamon report also identified that the key stressors for IT and
security leaders in 2023 aren’t what many may have anticipated. It is
unexpected blind spots (56 percent), legislation (34 percent) and attack
complexity (32 percent) that keep CISOs and other IT leaders up at
night, while a lack of cyber investment is only worrying 14 percent of
global respondents, along with just 20 percent who were concerned about
the ongoing skills gap. In fact, only 19 percent claim effective
security education for staff is a crucial factor for gaining confidence
on IT infrastructure security. Respondents from France and Germany are
slightly more concerned about skills, with 23 percent and 25 percent
respectively stating they need access to skilled people in the cloud.
Instead, legislation is a growing worry on a global scale, and is a
particular issue for the UK and Australia: 41 percent in the UK and 59
percent in Australia see change in cyber laws and compliance as a key
concern.
Survey respondents generally acknowledged blind spots across their
hybrid cloud infrastructure:
* 70 percent lack visibility into encrypted data, a number that rises
to 79 percent in Germany.
* 35 percent had limited insights into containers, which increases to
38 percent in France and 43 percent in Singapore.
* Just under half (48 percent) had insights into laterally moving
data, although the US leads the market here with 64 percent achieving
East-West visibility.
Yet despite flagging blind spots as their leading stressor, one third of
CISOs and 50 percent of other IT and Security leaders admit they lack
confidence in knowing where their most sensitive data is stored and how
it is secured.
“These findings highlight a trend of critical gaps in visibility from
on-premises to cloud, the danger of which is seemingly misunderstood by
IT and Security leaders around the world,” comments Ian Farquhar,
security CTO at Gigamon. “Many don’t recognize these blind spots as a
threat, yet East-West traffic – laterally moving data – and encrypted
traffic can be incredibly dangerous in the hybrid cloud world. We’ve
seen previous reports that highlight the vast quantity of malware that
hides behind encryption. Considering over 50 percent of global CISOs are
kept up at night by the thought of unexpected blind spots being
exploited, there’s seemingly not enough action being taken to remediate
critical visibility gaps.”
Deep Observability Facilitates the Zero Trust Journey
The Gigamon report on Hybrid Cloud Security trends points to Zero Trust
as another IT and Security leader priority. In fact, there’s an upward
trend of how often this security framework is discussed at a board
level; 87 percent of global respondents say Zero Trust is spoken about
openly by the Board, a 29 percent increase compared to findings [9] from
2022.
Yet while half of all respondents to this year’s survey stated that Zero
Trust is crucial to boosting confidence levels that their organization
is secure, the reality is that many teams simply do not have the
visibility to enable it. The UK (39 percent), the US (42 percent) and
Australia (41 percent) are leading the market when it comes to achieving
visibility to enable this framework, while France (26 percent), Germany
(29 percent) and Singapore (25 percent) all fall behind. Uncertainty
about the reality of Zero Trust is high in France and Singapore in
particular and all global respondents are recognizing the value of deep
observability – the addition of real-time, network-derived intelligence
to amplify the power of metric, event, log, and trace-based (MELT)
security and observability tools – for building a foundation for Zero
Trust. 97 percent also believe deep observability is an important
element of cloud security – a rise of 8 percent from last year.
Mark Jow, EMEA CTO at Gigamon concludes, “Zero Trust is still very much
a ‘work in progress’ for organizations around the globe, but it’s
positive to see that at least half of the IT and Security leaders we
surveyed view it as crucial to boosting security posture and even more
positive to see them recognize the value of visibility. Deep
observability and going beyond traditional MELT approaches is crucial if
organizations are to advance successfully on their Zero Trust journeys,
securing their hybrid cloud infrastructure and eradicating the critical
visibility gaps that are clearly causing headaches and restless nights.”
About Gigamon
Gigamon(R) offers a deep observability pipeline that harnesses
actionable network-derived intelligence to amplify the power of
observability tools. This powerful combination helps enable IT
organizations to assure security and compliance governance, speed
root-cause analysis of performance bottlenecks, and lower operational
overhead associated with managing hybrid and multi-cloud IT
infrastructure. The result: modern enterprises realize the full
transformational promise of the cloud. Gigamon serves more than 4,000
customers worldwide, including over 80 percent of Fortune 100
enterprises, 9 of the 10 largest mobile network providers, and hundreds
of governments and educational organizations worldwide. To learn more,
please visit [10]www.gigamon.com [11].
