APPLICATION INFRASTRUCTURE

Osterman Research Survey Finds 84% of Companies Have Only Rudimentary Capabilities for Securing Their Cloud Infrastructure

Ermetic | August 05, 2022 | Read time : 03:00 min

Osterman Research Survey Finds 84% of Companies Have Only Rudimentary
Ermetic, the cloud infrastructure security company, today released the findings of a research study conducted by Osterman Research on the cloud security maturity level of organizations in North America. The survey found that 84% of respondents were at an entry level (one or two) in terms of their cloud security capabilities and only 16% ranked at the top two levels. Meanwhile, 80% of companies reported they lack a dedicated security team responsible for protecting cloud resources from threats. The survey also revealed the top five priorities that all highly mature companies have in common when it comes to cloud security.

Osterman Research surveyed 326 organizations in North America with 500 or more employees and who spend a minimum of $1 million or more each year on cloud infrastructure to establish an industry baseline against the Ermetic Cloud Security Model. The model was designed to provide organizations with a lightweight framework for determining their maturity level (1 - Ad Hoc, 2- Opportunistic, 3- Repeatable, 4- Automated & Integrated) across multiple domains, while allowing them to develop a specific, actionable roadmap for advancing their capabilities.

“One of the most unexpected findings that emerged from this study was the lack of cloud security maturity among the largest enterprises surveyed,” said Michael Sampson, senior analyst for Osterman Research and author of the report. “Less than 10% of companies with more than 10,000 employees reported being at the top two maturity levels, while nearly 20% of smaller enterprises have achieved repeatable or automated & integrated cloud security capabilities.”

Other Report Highlights
  • Demonstrable ROI: 42% of companies investing more than 50 hours per week on cloud security are achieving the highest levels of maturity (Levels 3 and 4)
  • Bigger not better: Only 7% of companies with more than 10,000 employees were at level three or four in terms of maturity, compared with 18% for companies with between 2,500 and 9,999 employees, and 24% for companies with 500 to 2,499 employees
  • Overall, maturity is low: 84% of companies were at level one or two (41.5% Ad Hoc and 42.5% Opportunistic) and only 16% at level three or four (11.1% Repeatable and 4.9% Automated & Integrated)
  • More clouds doesn’t equal more maturity: the percentage of companies that ranked at the highest levels of maturity (3 & 4) decreased with multicloud usage. For example, the number of organizations achieving Repeatable or Automated & Integrated security capabilities dropped nearly 50% when going from one (10%) to three (6%) cloud platforms
  • Shared blindspot: 81% of organizations lack full visibility into all resources that are directly accessible from the Internet

“This survey makes two things very clear. Without the right tools, spending lots of time and resources on cloud security will not necessarily make you more secure,” said Shai Morag, CEO of Ermetic. “And, by focusing on the right priorities you can achieve a very high level of security maturity regardless of your organization’s size.”

Five Habits of Highly Mature Companies

Organizations that reported focusing on the five following security priorities achieved the highest levels (3 or 4) of maturity:

  • Detecting general cloud misconfigurations (e.g., unencrypted resources, MFA)
  • Achieving the ability to track and investigate activities performed by human users and applications/service accounts across the cloud infrastructure
  • Establishing Just-in-Time (JIT) access for developers / DevOps / Cloud operations teams to cloud infrastructure environments
  • Evaluating and reporting on alignment with security best practices (e.g., AWS well-architected, CIS) and compliance standards (e.g., NIST, ISO, SOC2, PCI-DSS)
  • Achieving least-privilege for identities in the cloud (both human identities and service accounts)

About Ermetic
Ermetic helps prevent breaches by reducing the attack surface of cloud infrastructure and enforcing least privilege at scale in the most complex environments. The Ermetic SaaS platform provides comprehensive cloud security for AWS, Azure and GCP that spans both cloud infrastructure entitlements management (CIEM) and cloud security posture management (CSPM). The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Forgepoint, Glilot Capital Partners, Norwest Venture Partners, Qumra and Target Global.

Spotlight

Enterprises today are becoming more nimble and distributed, with an increasingly mobile workforce and an expanding roster of applications. And with this transformation comes radically changing networking requirements at the branch, leading more organizations than ever to turn to SD-WAN solutions. In fact, according to the 2018 IDC Worldwide SD-WAN forecast, the SD-WAN infrastructure market’s compound annual growth rate for 2017-2022 will be 40.4 percent.

Spotlight

Enterprises today are becoming more nimble and distributed, with an increasingly mobile workforce and an expanding roster of applications. And with this transformation comes radically changing networking requirements at the branch, leading more organizations than ever to turn to SD-WAN solutions. In fact, according to the 2018 IDC Worldwide SD-WAN forecast, the SD-WAN infrastructure market’s compound annual growth rate for 2017-2022 will be 40.4 percent.

Related News

DATA STORAGE

Portworx by Pure Storage Recognized as the Leader in Kubernetes Storage for Three Consecutive Years by GigaOm

Pure Storage | August 08, 2022

Pure Storage® , the IT pioneer that delivers the world's most advanced data storage technology and services, today announced it was named the leader for the third consecutive year in the GigaOm Radar Report for Enterprise Kubernetes Storage, which analyzed enterprise storage systems with support for Kubernetes-based workloads, and its companion report for Cloud-Native Kubernetes Data Storage, which analyzed Kubernetes-native storage solutions built specifically to support stateful containers with scalable, distributed architectures. According to the GigaOm Radar Report for Cloud-Native Kubernetes Storage, Portworx® by Pure Storage "is one of the most advanced solutions for enterprise Kubernetes storage" and "remains the gold standard in cloud-native Kubernetes storage for the enterprise" as "a complete enterprise-grade solution with outstanding data management capabilities, unmatched deployment possibilities, and superior management features." Across criteria and evaluation metrics, Portworx was ranked by GigaOm as a "strong focus and perfect fit" in advanced data services, advanced CSI integration, deployment models, control plane architecture, developer experience, visibility and insights, as well as architecture, scalability, flexibility, manageability, and performance. Portworx continues to advance the innovation of its Kubernetes Data Platform to bring databases such as Kafka, Cassandra, and Postgres under one platform in the most simple and reliable manner with Portworx Data Services. The GigaOm Radar Report for Enterprise Kubernetes Storage claimed "the integration of Portworx Essentials on Pure Storage controller-based architectures significantly enhances data efficiency because users benefit from the data reduction capabilities offered by the storage arrays." The report also highlights that this powerful integration "allows organizations to seamlessly deploy cloud-native workloads on a proven Kubernetes storage solution, and as their needs grow, they can effortlessly migrate those workloads to the full Portworx solution if they decide to adopt it." Once again, Pure Storage received the highest scores among all market segments, deployment models, and evaluation metrics in the analysis. "For three consecutive years, we've been recognized as a Leader and Outperformer by GigaOm Radar. Customers running containers and databases at scale in production use Portworx to ensure highly reliable, available and secure Kubernetes data storage capabilities. I'm incredibly proud of our Portworx engineering team's recognition by GigaOm as we continue on our mission to help enterprises unleash the power of data." Murli Thirumale, VP, GM Cloud Native Business Unit, Pure Storage In addition to the GigaOm Radar Reports for Cloud-Native Kubernetes Data Storage and Enterprise Kubernetes Data Storage, Pure Storage has been consistently recognized as a leader across the other GigaOm reports for which it qualifies, including High-Performance Object Storage, Kubernetes Data Protection, and Enterprise General-Purpose Storage Systems. About Pure Storage Pure Storage uncomplicates data storage, forever. Pure Storage delivers a cloud experience that empowers every organization to get the most from their data while reducing the complexity and expense of managing the infrastructure behind it. Pure Storage's commitment to providing true storage as-a-service gives customers the agility to meet changing data needs at speed and scale, whether they are deploying traditional workloads, modern applications, containers, or more. Pure Storage believes it can make a significant impact in reducing data center emissions worldwide through its environmental sustainability efforts, including designing products and solutions that enable customers to reduce their carbon and energy footprint. And with a certified customer satisfaction score in the top one percent of B2B companies, Pure Storage's ever-expanding list of customers are among the happiest in the world.

Read More

APPLICATION INFRASTRUCTURE

Spot by NetApp Announces Continuous Security Solution for Cloud Infrastructure

NetApp | July 27, 2022

NetApp® , a global, cloud-led, data-centric software company, today announced the general availability of Spot Security. Built for the cloud, Spot Security delivers a solution for continuous assessment and analysis of cloud security posture. Spot Security enables DevOps and SecOps teams to easily collaborate to identify misconfigurations, reduce their potential attack surface, and ensure compliance. NetApp® , a global, cloud-led, data-centric software company, today announced the general availability of Spot Security. Built for the cloud, Spot Security delivers a solution for continuous assessment and analysis of cloud security posture. Spot Security enables DevOps and SecOps teams to easily collaborate to identify misconfigurations, reduce their potential attack surface, and ensure compliance. With Spot Security, organizations can now enjoy: 360° Visibility: With a clear view into security posture and attack surfaces, network analysis, asset inventory, and cloud user behavior all from the same console via graph visualization of risk maps and service maps. Prioritized In-Depth Analytics: Identify new risks, abnormal behavior or new cloud resources in an instant with continuous monitoring and analysis, ultimately providing clear objectives for DevOps teams to focus on and steering efforts to real issues, removing false positives and embedding security into cloud operations. Automated Detection and Remediation: Detect misconfigurations and anomalies to efficiently support remediation of security and compliance risks across multi-cloud infrastructure. Compliance: Support compliance to industry security standards and regulatory mandates, enabling businesses to stay compliant. “DevOps engineers are constantly asked to deliver solutions to a wide range of challenges that can impact the efficiency and operations of their business. “Spot Security provides DevOps and SecOps a solution that meets the critical requirement to ensure the security of their dynamic cloud environment, further innovating the Spot by NetApp CloudOps suite of solutions that automate and optimize operations in the cloud.” Azzedine Benameur, Head of Spot Security for Spot by NetApp About NetApp NetApp is a global, cloud-led, data-centric software company that empowers organizations to lead with data in the age of accelerated digital transformation. The company provides systems, software and cloud services that enable them to run their applications optimally from data center to cloud, whether they are developing in the cloud, moving to the cloud, or creating their own cloudlike experiences on premises. With solutions that perform across diverse environments, NetApp helps organizations build their own data fabric and securely deliver the right data, services and applications to the right people—anytime, anywhere.

Read More

HYPER-CONVERGED INFRASTRUCTURE

UbiStor Announces Infrastructure as a Service Partnership with Scale Computing

UbiStor | July 21, 2022

UbiStor, a globally-recognized Chicagoland-based Managed Services Provider, has announced its infrastructure partnership with Scale Computing. Scale Computing would be the newest provider to join UbiStor’s arsenal of Managed Backup and Disaster Recovery Solutions. Founded in 2001, UbiStor’s team of engineers have spent over two decades in the industry, specializing in Backup and Disaster Recovery as a Service. As data and threats to that data have become more complex, there has been an increasing need for expert MSPs familiar with integrating a variety of solutions depending on their customer’s environment, acting as a main point of contact during routine testing or in the event of disaster. UbiStor specializes in creating Backup and Disaster Recovery Roadmaps for customers with the ability to scale as they grow and weave new solutions into their evolving environment – all backed by their team of expert engineers on an ongoing basis. In 2021, UbiStor’s Managed SafeStor solution powered by Acronis quickly became one of their most-utilized services, but there was a clear desire from customers for an on-premises appliance with continuity across both platforms. The integration of the Acronis Cyber Protect Cloud and Scale Computing's Business Resilience System (BRS) Appliance gives UbiStor’s customers the agility of a hybrid cloud data protection service with the flexibility of instant local virtualization and recovery using the BRS hardware platform, completely changing how UbiStor brings Acronis services to the market. “The addition of Scale Computing to our Backup and DR-as-a-Service offerings enhances our ability to help customers meet their local restore and recoverability requirements, while still being able to leverage the advanced capabilities of the Acronis Cyber Protect Cloud.” Dan Hill, CEO, UbiStor About Scale Computing Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Using patented HyperCore™ technology, Scale Computing Platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime, even when local IT resources and staff are scarce. Edge Computing is the fastest growing area of IT infrastructure, and industry analysts have named Scale Computing an outperformer and leader in the space, including being named the #1 edge computing vendor by CRN. Scale Computing’s products are sold by thousands of value-added resellers, integrators, and service providers worldwide. When ease-of-use, high availability, and TCO matter, Scale Computing Platform is the ideal infrastructure platform.

Read More