Cyber Resilience

Breaking Down Vanson Bourne’s Cloud Research: 3 Key Takeaways

With so many new trends and buzzwords being tossed around related to cloud security, it’s easy to get caught up in the noise. Oftentimes, the best way to cut through the complexity is to go back to the research.

That’s why Illumio partnered with technology research specialist Vanson Bourne to assess the current state of cloud security in the new Cloud Security Index 2023.  

In a recent webinar, Ruth David, Research Manager at Vanson Bourne, joined Brian Pitta, Global Distinguished Field Engineer at Illumio, and Sean Yarger, VP of Global Sales Engineering, to explore the recent report, cloud trends impacting CISO decision-making, and what Illumio is doing to bring Zero Trust Segmentation to hybrid and cloud environments.

You can also watch the full recording here and see a short clip from the webinar below:

Here are three takeaways from their discussion.  

1. Data clearly illustrates cloud security urgency

The Cloud Security Index 2023 found that nearly all organizations are using the cloud in some way. In fact, in the United States alone, 100 percent of respondents said their organization was leveraging the cloud.  

Statistics from the Cloud Security Index 2023

And organizations aren’t just using the cloud as back up — 98 percent of organizations are currently holding sensitive data in the cloud, and nearly 90 percent are currently running their highest-value applications in the cloud.

“It goes to show how frequently the cloud is being used right now,” David remarked. “And unfortunately, we found that of the data breaches suffered over the past year, nearly half originated in the cloud.”

For David, this indicates an issue with the ways organizations are currently approaching security in cloud environments.

“One of the main takeaways from this research really was that traditional cloud security is failing modern organizations,” David said.

Get insight into the most important highlights from the report in this infographic.  

2. Traditional on-premises security doesn’t work in the cloud

One of the reasons organizations are struggling to secure is the cloud is because it’s the “unknown,” Pitta said. It’s difficult to get visibility into fast-changing cloud environments, and all the new cloud service offerings can quickly make the problem more complex.

Pitta detailed 2 reasons why the cloud requires different measures than on-premises environments:

  • “The cloud introduces a ton of new services,” Pitta said. “If I used to just have virtual machines and physical service, I now have Kubernetes clusters and databases.”
  • “The rate of change has accelerated tremendously,” he continued. “There are new services coming out at what feels like by the hour that IT teams need to keep track of. That's another big challenge — understanding the nuances of each and how you go about controlling them.”

Yager believes that these key differences in the cloud can oftentimes cause a wider attack surface than on-premises environments. And with many organizations trying to implement the same on-premises security measures into the cloud, threat actors have a growing range of options for their next attack.

3. Zero Trust Segmentation is essential to modern cloud security

As more organizations manage their most important data and applications in the cloud, it’s important to prioritize cloud resilience. There are a lot of tools that security teams can use in a stack for cloud security — so why should Zero Trust Segmentation be one of them?

“It really comes down to the fact that it’s the protection layer when all else fails,” Pitta explained.  

Prevention and detection technologies help stop attacks from entering the network perimeter. But in today’s threat landscape, breaches are inevitable. To build resilience against ever-evolving threats, organizations must implement a Zero Trust security strategy based in the mindset of “never trust, always verify.” Zero Trust Segmentation (ZTS) is foundational to any Zero Trust architecture.  

“ZTS has two missions: stop attacks or slow them down,” Pitta explained. “ZTS makes it so a breach can't spread and eventually get detected — which means very little impact — or it takes a lot longer to spread, which is just giving you more time to detect it.”

In a world where breaches can’t be avoided, the goal is to limit their impact. “You could call ZTS a safety net. No matter what, it won't be as bad as it could have been,” Pitta said.

Illumio CloudSecure extends ZTS to your cloud environments. With CloudSecure, security teams can:

  • Visualize cloud workload connectivity
  • Apply proactive segmentation controls
  • Proactively contain attacks on applications and workloads in their public cloud environments, across servers, virtual machines, containers, and serverless computing.  

By extending ZTS to the cloud, security teams can be confident that inevitable cloud attacks will be stopped and contained at their source.  

Learn more about Illumio CloudSecure today. Contact us for a free consultation and demo.

Related topics

Related articles

Understanding EU Compliance Mandates: Operational Technology & Critical Systems
Cyber Resilience

Understanding EU Compliance Mandates: Operational Technology & Critical Systems

A discussion of the operational technical regulations and security controls specific to Critical Systems and Operational Technology.

Zero Trust Security, “Assume Breach” Mindset, and the UK’s Data Reform Bill
Cyber Resilience

Zero Trust Security, “Assume Breach” Mindset, and the UK’s Data Reform Bill

While 90 percent of organizations plan to prioritize a Zero Trust security strategy in 2022, staggeringly few believe they’ll experience a breach.

Operationalizing Zero Trust – Step 5: Design the Policy
Cyber Resilience

Operationalizing Zero Trust – Step 5: Design the Policy

Learn about an important step on your organization's Zero Trust journey; Design the policy.

Why 93% of Security Leaders Say Cloud Security Requires Zero Trust Segmentation
Zero Trust Segmentation

Why 93% of Security Leaders Say Cloud Security Requires Zero Trust Segmentation

Get insight from new research on the current state of cloud security and why Zero Trust Segmentation is the key to cloud resilience.

Is Hidden Connectivity Reducing Your Cloud ROI?
Zero Trust Segmentation

Is Hidden Connectivity Reducing Your Cloud ROI?

Hunt down unneeded cloud connections to streamline cloud security and ROI with Zero Trust Segmentation.

5 Reasons Why CNAPPs Are Limiting Your Cloud Security
Zero Trust Segmentation

5 Reasons Why CNAPPs Are Limiting Your Cloud Security

Learn why CNAPPs can only take your security so far and how Zero Trust Segmentation can help.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?