A Flexera report reveals that 72% of surveyed organisations are using the hybrid cloud (see figure below). This is corroborated by Forrester who suggested this is the 'norm'. Participants in the Gigamon Hybrid Cloud Security trends report acknowledged that attacked and breaches have occurred (90%) in their organisation in the last 18 months, and that cloud security attacks are only going to increase (93%).
The report also reveals a significant gap between the perception and reality of how secure organisations truly are from cyber threats. Surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure.
However, 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools – either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration).
The good news is that collaboration across IT is on the rise with 96% of IT and Security leaders around the world believing cloud security is everyone’s responsibility, and 99% see CloudOps and SecOps working towards a common goal.
The report cautions that more to be done with 99% of respondents claiming a lack of a security-first culture means vulnerability detection is often siloed to the SecOps team.
What keeps CISOs up at night
Source: Gigamon Hybrid Cloud Security Trends report
The Gigamon report identified that the key stressors for IT and security leaders in 2023 are not what many may have anticipated, rather it is unexpected blind spots (56%), legislation (34%) and attack complexity (32%) that keep CISOs and other IT leaders up at night.
The lack of cyber investment is only worrying 14% of global respondents, along with just 20% who were concerned about the ongoing skills gap. Only 19% claim effective security education for staff is a crucial factor for gaining confidence in IT infrastructure security. Legislation is a growing worry on a global scale and is a particular issue for Australia (59%) where respondents cite a change in cyber laws and compliance as a key concern.
Noteworthy blind spots across the hybrid cloud infrastructure include:
- 70% lack visibility into encrypted data.
- 35% had limited insights into containers, which increases to 43% in Singapore.
- 48% had insights into laterally moving data.
Despite flagging blind spots as their leading stressor, one-third of CISOs and 50% of other IT and security leaders admit they lack confidence in knowing where their most sensitive data is stored and how it is secured.
“These findings highlight a trend of critical gaps in visibility from on-premises to cloud, the danger of which is seemingly misunderstood by IT and Security leaders around the world,” comments Ian Farquhar, security CTO at Gigamon.
He opined that many don’t recognise these blind spots as a threat, yet East-West traffic – laterally moving data – and encrypted traffic can be incredibly dangerous in the hybrid cloud world.
"We’ve seen previous reports that highlight the vast quantity of malware that hides behind encryption. Considering over 50% of global CISOs are kept up at night by the thought of unexpected blind spots being exploited, there’s seemingly not enough action being taken to remediate critical visibility gaps.”
Ian Farquhar
Deep observability facilitates the zero trust journey
The report points to Zero Trust as another IT and Security leader priority, with 87% of global respondents saying Zero Trust is spoken about openly by the Board, up 29% compared to findings from 2022.
Yet while half of all respondents to this year’s survey stated that Zero Trust is crucial to boosting confidence levels that their organisation is secure, the reality is that many teams simply do not have the visibility to enable it.
The UK (39%), the US (42%) and Australia (41%) are leading the market when it comes to achieving visibility to enable this framework, while France (26%), Germany (29%) and Singapore (25%) all fall behind.
Uncertainty about the reality of Zero Trust is high in Singapore in particular and all global respondents are recognising the value of deep observability – the addition of real-time, network-derived intelligence to amplify the power of the metric, event, log, and trace-based (MELT) security and observability tools – for building a foundation for Zero Trust.
Also, 97% also believe deep observability is an important element of cloud security, up 8% from last year.
