Last week, we announced the results of a survey we conducted at Black Hat. We conducted the survey to better understand the combined impact of cloud infrastructure along with agile development and continuous delivery on enterprise security risk as it pertains to workload vulnerability due to increased scale and dynamics.
Our assumption was that there is a multiplication factor in regards to both scale in the number of workloads that need to be protected as well as the dynamics of how often those workloads need to be modified, updated, or spun up or down. And, that those two factors multiplied together meant an exponential increase in the surface area that security professionals need to protect and monitor. We also wanted to know: What are security teams doing to keep up? Are they hiring at an equivalent pace to the changing scale and dynamics? Are they using automation?
When we asked the infosec community at Black Hat to talk about the impact, their answers confirmed that the scale of cloud infrastructure and the dynamic nature of agile development and continuous delivery has increased the number of server workloads and attackable surface area that require protection and monitoring. At the same time, security staff sizes remain the same, and many are still not automating security controls on cloud workloads.
Here’s What We Found
- An overwhelming number (94 percent) of respondents noted that when moving from traditional data centers to a cloud infrastructure environment, they increased the number of server workloads (and, thus, their attackable surface area) by a factor of two to 100 times.
- Of those who reported an increase in the number of server workloads when they moved to the cloud, a third of respondents (33 percent) reported they doubled the number of server instances from the number in their traditional data centers. A quarter (25 percent) reported the number of server instances to be five times higher in the cloud than in their traditional data centers.
- 95 percent of respondents noted that they must create, modify, or retire server workloads anywhere from two to 100 times more frequently in cloud infrastructure environments than in their traditional data centers.
- 85 percent of IT security professionals said security team hiring has not kept pace with the rate at which new server workloads are created, changed or retired in the cloud.
- Only 28 percent of respondents are leveraging a full suite of tools that enable them to secure and audit cloud server workloads automatically when configuring and deploying them; 37 percent have some security automation tools for configuration and deployment, but another 35 percent are not automating security for configuration or deployment at all.
- The majority of respondents (62 percent) reported they are beginning to automate some or all of the tools they use to secure and audit workloads in cloud infrastructure environments. Respondents said the security tools they most commonly automate are: firewalls and segmentation tools (19 percent)and intrusion detection tools (18 percent).
But What Does It All Mean?
Adopting cloud infrastructure and agile application delivery creates exponential growth in server workloads, meaning more potentially attackable surface area and more security management overhead. At the same time, organizations rarely increase the size of their security teams at all, much less enough to keep up with the higher scale and pace.
While organizations have started to understand that cloud infrastructure can deliver faster development, deployment, and innovation cycles, many are not thinking about the related impact to security operations. It only takes one compromise to derail adoption of these new technologies and wreck the value they otherwise could have added.
As 451 Group’s Senior Security Analyst Adrian Sanabria told us at Black Hat: “Security has to be built in. It has to be automated. It’s no longer something we deploy manually.”