Embedding cloud security policies must be given the highest priority in 2022

The Bottom Line: Security policies are the foundation of a robust and effective cloud security framework. Defining, maintaining and tracking adherence to security policies beyond the compliance agenda must be given the highest priority by security leaders in 2022.

• Standards and policies. Efficiently running hybrid and multi-cloud operations is already a challenge in itself. But the appropriate management of security policies across the overall cloud environment seems to be an even bigger one, as highlighted by 55% of respondents. 27% of respondents flagged that designing and maintaining the consistency of security policies is currently their number one challenge. 28% ranked monitoring and measuring the effectiveness of security policies as their top challenge.
• Knowledge and expertise. Up-skilling existing security teams and/or attracting external talents with cloud security expertise have also been reported as key challenges by 29% of respondents. Getting in control of cloud security is the first milestone in the journey to secure the cloud environment. But staying in control requires a talented workforce to operate and continuously improve cloud security activities over time. Managed service providers could offer access to the right talent pool to help enterprises achieve effective parity in the ongoing war for talent, and possibly build internal talent through knowledge sharing over time.
• Identity and access. Identity and Access Management (IDAM) has always been considered as one of the key pillar of a Zero Trust security model. Most enterprises has invested significant time and effort in governing human and non-human identity and securing underlying standard and privileged access to cloud assets (driven mainly by strict operational and compliance requirements). This is probably the reason why only 12% of respondents see IDAM as their major challenge in the journey to secure the cloud environment. However, our latest cybersecurity Pulse study has shown that one of every two enterprises still relies on too many manual processes for managing access, in particular privileged access. Security leaders must be on guard as end-to-end management of cloud access is too critical to be left to manual processing, which could lead to significant risk exposure.
• Regulatory compliance. Only 4% of respondents have reported that ensuring compliance with all relevant regulatory requirements is their number one challenge. Not meeting minimum compliance standards is certainly not an option and has been de facto a top priority from the start for most enterprises. In addition to that, many control frameworks, such as the Cloud Controls Matrix released by the Cloud Security Alliance, have notably helped enterprises get ready to tackle the multiple compliance requirements. But let’s not forget that being compliant does not necessarily equate to being secure.