A recent survey conducted by Gigamon has revealed that despite high levels of confidence in hybrid cloud security, nearly one third of security breaches go unnoticed by IT and security professionals. The survey found that 94% of global respondents believe their security tools and processes provide complete visibility and insights into their IT infrastructure. However, the reality is that a significant number of breaches are not being detected in a timely manner.
According to the survey, 74% of organizations now operate in the hybrid cloud, making it the standard infrastructure according to Forrester analysts. While this brings many benefits, it also comes with security concerns. In fact, 93% of respondents predict that cloud security attacks will continue to increase, and 90% reported experiencing a breach in the past 18 months.
The issue lies in the fact that 31% of breaches are only discovered after the fact, rather than being preemptively identified using security and observability tools. Breaches may be identified through various indicators such as data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance. The prevalence of breaches identified after the fact is even higher in the US (48%) and Australia (52%).
On a positive note, the survey found that collaboration across IT is on the rise. 96% of IT and security leaders believe that cloud security is a shared responsibility, and nearly all (99%) see CloudOps and SecOps working together towards a common goal. However, there is still room for improvement as many respondents claimed that a lack of a security-first culture hinders vulnerability detection, often resulting in it being siloed to the SecOps team.
The report also identified the key stressors for IT and security leaders in 2023. Surprisingly, the top concerns were unexpected blind spots (56%), legislation (34%), and attack complexity (32%). The lack of cyber investment only worried 14% of respondents, and the ongoing skills gap concerned just 20%. Effective security education for staff was seen as a crucial factor by only 19% of respondents, although 23% in France and 25% in Germany expressed more concern about skills.
One area of increasing concern on a global scale is legislation, particularly for the UK and Australia. 41% in the UK and 59% in Australia see changes in cyber laws and compliance as a key concern.
The survey also highlighted blind spots across hybrid cloud infrastructure. For example, 70% of respondents lacked visibility into encrypted data, a number that rose to 79% in Germany. Additionally, 35% had limited insights into containers, with higher percentages in France (38%) and Singapore (43%). While 48% had insights into laterally moving data, the US stood out with 64% achieving East-West visibility.
Despite acknowledging these blind spots, one third of CISOs and half of IT and security leaders admitted to lacking confidence in knowing where their most sensitive data is stored and how it is secured. Ian Farquhar, security CTO at Gigamon, commented, “These findings highlight a trend of critical gaps in visibility from on-premises to cloud, the danger of which is seemingly misunderstood by IT and Security leaders around the world.”
The report also found that zero trust is becoming a top priority for IT and security leaders. 87% of respondents said that zero trust is openly discussed at the Board level, marking a 29% increase compared to the previous year. However, many teams lack the visibility required to implement this security framework effectively.
The UK, the US, and Australia emerged as leaders in achieving visibility for zero trust, while France, Germany, and Singapore lagged behind. France and Singapore showed high levels of uncertainty about the reality of zero trust. Respondents recognized the value of deep observability, which involves adding real-time, network-derived intelligence to enhance the power of security and observability tools.
According to Mark Jow, EMEA CTO at Gigamon, zero trust is still a work in progress for organizations globally. However, it is encouraging that half of the surveyed IT and security leaders consider it crucial to boosting security posture. Jow emphasized the importance of deep observability and going beyond traditional approaches to address critical visibility gaps in securing hybrid cloud infrastructure.
In conclusion, while confidence around hybrid cloud security may be high on the surface, the reality is that a significant number of security breaches go unnoticed. It is crucial for organizations to address blind spots, improve collaboration across IT teams, and prioritize zero trust initiatives to enhance their security posture in the hybrid cloud era.