Security is foundational
It’s hard to overstate the role security played in businesses’ enthusiastic migration to the public cloud. Faced with challenges like distributed denial-of-service (DDoS) attacks, ransomware, and insider threats, enterprises looked to major cloud providers for technological sophistication and scalable, built-in security frameworks. The promise of superior controls, proactive defenses, and shared responsibility models led organizations to confidently leap to these platforms.
Now, however, according to the CSA/Tenable report, 82% of organizations now manage hybrid setups that combine on-premises and cloud systems, while 63% use more than one cloud provider. These multicloud strategies average 2.7 cloud environments per organization, resulting in large, fragmented infrastructures that traditional security tools find difficult to defend.
The dangers of this complexity are made worse by what the report calls the weakest link in cloud security: identity and access management (IAM). Nearly 59% of respondents cited insecure identities and risky permissions as their main concerns, with excessive permissions and poor identity hygiene among the top reasons for breaches. Respondents said that, alarmingly, identity management was poorly enforced and scattered across hybrid systems. Differences between IAM teams and cloud operations teams are a common issue, with organizations struggling to follow best practices such as enforcing least-privilege access or monitoring identity-related KPIs.
