Press release

Cloud Security Alliance Study Identifies New and Unique Security Challenges in Native Cloud, Hybrid and Multi-Cloud Environments

Sponsored by Businesswire

The Cloud
Security Alliance
(CSA), the world’s leading organization dedicated
to defining and raising awareness of best practices to help ensure a
secure cloud computing environment, and AlgoSec, leading provider of
business-driven network and cloud security management solutions, today
announced the results of a new study titled, “Cloud
Security Complexity: Challenges in Managing Security in Hybrid and
Multi-Cloud Environments.
The survey of 700 IT and
security professionals aims to analyze and better understand the state
of adoption and security in current hybrid cloud and multi-cloud
security environments, including public cloud, private cloud, or use of
more than one public cloud platform.

“As companies of all sizes are taking advantage of the value of the
cloud with its improved agility and flexibility, they are also facing
unique new security concerns, especially when integrating multiple cloud
services and platforms into an already complex IT environment,” said
John Yeoh, Vice President of Research, Cloud Security Alliance. “The
study findings demonstrate how important it is for enterprises to have
holistic cloud visibility and management across their increasingly
complex hybrid network environments in order to maintain security,
reduce the risk of outages and misconfigurations, and fulfill audit and
compliance demands.”

“This survey makes clear that there is no one-size-fits-all cloud
deployment model: organizations are choosing to adopt and use cloud
resources in the way that suits their business needs. But this cloud
flexibility also creates many security challenges for today’s
enterprise. Irrespective of how they choose to use cloud resources,
end-to-end visibility across the networks is critical to meet security
and compliance obligations,” said Jeffrey Starr, CMO of AlgoSec. “Robust
network security management and automation become increasingly mission
critical. We see organizations moving to automate security management
across native cloud, multi-cloud, and hybrid network estates, driving
agility while ensuring continuous security for next-generation
enterprise environments.”

Key findings of the study include:

  • Cloud creates configuration and visibility problems: When asked
    to rank on a scale of 1 to 4 those aspects of managing security in
    public clouds they found challenging, respondents cited proactively
    detecting misconfigurations and security risks as the biggest
    challenge (3.35), closely followed by a lack of visibility into the
    entire cloud estate (3.21). Audit preparation and compliance (3.16),
    holistic management of cloud and on-prem environments (3.1), and
    managing multiple clouds (3.09) rounded out the top five.
  • Human error and configuration mistakes the biggest causes of
    Eleven percent (11.4%) of respondents reported a cloud
    security incident in the past year, and 42.5% had a network or
    application outage. The two leading causes were operational / human
    errors in management of devices (20%), device configuration changes
    (15%) and device faults (12%).
  • Cloud compliance and legal concerns: Compliance and legal
    challenges were identified as major concerns when moving into the
    cloud (57% regulatory compliance; 44% legal concerns).
  • Security is the major concern in cloud projects: Eighty-one
    percent of cloud users said they encountered significant security
    concerns. Concerns over risks of data losses and leakage were also
    high with users when deploying in the cloud (cited by 62%), closely
    followed by regulatory compliance concerns (57%), and integration with
    the rest of the organizations’ IT environment (49%).

Commissioned by AlgoSec, the survey also looked to uncover insights on
topics such as workloads being used in or moved to the cloud and how
they are being deployed/migrated; types of cloud platform(s) being used
by companies; common security challenges faced by companies when
deploying workloads in the cloud; methods of managing risk and
vulnerabilities in the cloud environment; and causes of network or
application outages and the amount of time it took to remediate.

Editor’s Note: Sponsors of CSA research are CSA Corporate Members,
who support the findings of the research project but have no added
influence on content development nor editing rights. The report and its
findings are vendor-agnostic and allow for global participation.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization
dedicated to defining and raising awareness of best practices to help
ensure a secure cloud computing environment. CSA harnesses the subject
matter expertise of industry practitioners, associations, governments,
and its corporate and individual members to offer cloud
security-specific research, education, certification, events and
products. CSA’s activities, knowledge and extensive network benefit the
entire community impacted by cloud — from providers and customers, to
governments, entrepreneurs and the assurance industry — and
provide a forum through which diverse parties can work together to
create and maintain a trusted cloud ecosystem. For further information,
visit us at,
and follow us on Twitter @cloudsa.