As cloud technology becomes increasingly vital to a wide variety of business operations, Chief Information Security Officers (CISOs) are grappling with the twin challenges of ensuring secure environments and managing their relationships with cloud service providers. The latest survey by Arctic Wolf reveals that 44% of CISOs have switched their cloud service providers due to security concerns, indicating a growing wariness toward providers’ security claims. This trend has arisen as 24% of CISOs find their cloud environments insecure, while 43% believe these providers have exaggerated their security capabilities, leading to mistrust and changes in provider relationships.
Challenges in Cloud Security
Despite the integral role of cloud technology in modern businesses, providing convenient access to files and services from any location, many security professionals continue to wrestle with a broadened threat landscape. A striking 73% of CISOs now collaborate with between two and five cloud service providers, necessitating a juggling act that can spread their security focus too thin. Consequently, 53% of these professionals state that they have to rely on the security assurances of their cloud providers due to a lack of sufficient in-house cybersecurity expertise. However, the downside to relying on these externalities is that some providers may overinflate their security measures, leaving organizations unprotected against emerging cyber threats.
A proactive approach to security has made it imperative for companies to avoid cloud providers with previous security incidents. The survey showed that 52% of CISOs steer clear of providers who have a history of security lapses, impacting their decision-making process and choice of partners. Given the complexity involved in ensuring secure cloud operations, the need for vigilant, reliable providers has never been more critical.
Investments and Resource Allocation
The financial investment organizations make in cloud migrations is substantial. According to the survey, 44% of companies reported spending between £101,000 and £250,000 on cloud migrations over the past year alone. Given such significant expenditures, businesses are under immense pressure to select trustworthy partners who can meet their security needs without incurring extra costs tied to switching providers or dealing with potential data breaches. Building strong in-house security infrastructures can be prohibitively expensive, with KPMG placing the annual budget for a security operations center (SOC) at $14.6 million, which is far beyond the reach of most companies.
To mitigate these costs, many organizations have turned to Managed Service Providers (MSPs) to enhance their cybersecurity. Partnerships with MSPs offer access to advanced skills and technologies that exceed what most individual companies can afford. Notably, 37% of CISOs who engaged channel partners during cloud migration efforts noted marked improvements in their security and risk management services. Furthermore, 30% of these responders indicated that being able to leverage advanced technologies, such as artificial intelligence (AI), contributed significantly to their enhanced security posture.
Benefits and Underutilization of MSPs
Engaging MSPs not only bolsters security but also provides job stability for CISOs. An overwhelming 92% of them acknowledge that having shared responsibility in the event of a cyber-attack helps safeguard their job security. This is because liability is distributed between the organization and the MSP, reducing the pressure on any single party. Despite these benefits, the survey highlights that only 22% of CISOs currently collaborate with channel partners for cloud migrations, a relatively low figure that points to a potential area of improvement for many organizations.
Clare Loveridge, Vice President and General Manager EMEA at Arctic Wolf, emphasizes that numerous organizations struggle with cloud security due to the overstatements of their cloud service providers and inadequate in-house capabilities. She advocates for partnerships with Managed Service Providers (MSPs) to ensure more robust security measures are in place. Such collaborations facilitate comprehensive threat monitoring and real-time response capabilities, positioning organizations to utilize cloud environments both safely and effectively. These enforced partnerships offer the additional benefit of up-to-date protection against a continually evolving landscape of cyber threats.
Future Considerations for CISOs
As cloud technology becomes increasingly central to various business operations, Chief Information Security Officers (CISOs) face the dual challenges of securing these environments and managing relationships with cloud service providers. A recent Arctic Wolf survey reveals that 44% of CISOs have changed their cloud service providers due to security concerns, showcasing a growing mistrust in providers’ security claims. This trend has emerged because 24% of CISOs find their cloud environments lacking in security, while 43% believe that these providers exaggerate their security capabilities. As a result, there is a notable shift in the relationships between organizations and their cloud service providers. The survey highlights the critical need for cloud service providers to build and maintain trust by providing transparent and robust security measures. Due to these security concerns, CISOs are increasingly cautious in their selection and ongoing evaluation of cloud service providers, emphasizing the importance of security in the evolving cloud landscape.