With Rising Cloud Security Threats, How Can IT and Security Leaders Proactively ID and Eliminate Blind Spots?

We’re currently facing a hybrid cloud security conundrum. The hybrid cloud market is going through impressive growth, yet the multiple benefits around the agility and scalability that come with hybrid cloud infrastructure are paired with serious concerns about its security.

Gigamon recently surveyed over 1,000 IT and security leaders across the globe and found that 93 percent predict there will be an uptick in cloud-based attacks. Despite this, half are either confident or completely confident that they are secure within their own hybrid cloud infrastructure.

Perhaps this confidence is a result of growing collaboration — our data shows us that in the vast majority of organizations (99 percent), CloudOps and SecOps are now working toward a common goal, and it’s actually CloudOps that are leading on security strategy for most (69 percent).

Yet everything is not as it seems for hybrid cloud security: 99 percent of respondents claim a lack of a security-first culture means vulnerability detection is often siloed to the SecOps team, and many lack one crucial component — deep observability. In fact, we’ve identified that critical blind spots from cloud to on-premises are undeniable, underestimated, and misunderstood.

Are Security Leaders Blind to Blind Spots?

We define blind spots as segments across a network and cloud where security and monitoring tools may not reach, meaning data cannot be sufficiently collected and analyzed, and therefore areas become hidden from view. Any IT or security professional will recognize that this must be avoided at all costs to ensure hybrid cloud security, as you simply cannot manage and protect what you cannot see. In fact, our research shows that unexpected blind spots being exploited is the leading stressor for IT and security leaders across the globe, acknowledged by over half we spoke to (56 percent). For the U.K., in particular, 40 percent are kept up by worries about not having the tools and visibility to properly secure their organization.

Additionally, these same respondents highlight several areas where visibility doesn’t go far enough. Seventy percent of those surveyed claimed their organizations enable encrypted data to flow freely, despite reports showing 93 percent of malware hides behind encryption. What’s more, 35 percent have limited sight into containers, and just under half (48 percent) have visibility across East-West traffic (data moving laterally). It seems there is an underestimation of exactly what a blind spot consists of and the dangers of leaving segments of the hybrid cloud infrastructure unobserved.

The outcome? Nearly one in three breaches are going undetected by IT and security professionals and their tools — a statistic that rises to a concerning 48 percent in the U.S. and 52 percent in Australia.

Perception vs. Reality

These unrecognized blind spots are part of a wider trend in the data indicating that many IT and security leaders’ perception of their hybrid cloud security doesn’t match reality. While surface-level confidence is high, with 94 percent of global respondents stating their security tools and processes provide them with complete visibility, the reality is that one-third of CISOs lack confidence about where their most sensitive data is stored and how it is secured.

And while this is a global issue, the perception-versus-reality gap is exemplified in Singapore: More than a quarter (26 percent) of respondents have unwavering confidence that they’re completely secure, yet 43 percent admit limited container visibility, and all have suffered a data breach in the last nine months.

Traditional security and monitoring tools are clearly not going far enough, and it’s critical that CISOs and their teams look to achieving deep observability by harnessing actionable network-derived intelligence to amplify the power of these tools to eliminate blind spots from on-premises and the cloud. Only then will we see steps to successfully solve the hybrid cloud conundrum, eradicate blind spots, and close the gap between hybrid cloud security perception and reality.

To learn more, download the full report or view the infographic.