SANS 2022 Cloud Security Survey, Chapter 1: How Security Questions Are Affecting Cloud Usage Patterns

Originally published by Gigamon.

Written by Chris Borales, Gigamon.

Editor’s note: This post explores Chapter 1 of the SANS 2022 Cloud Security Survey.

More and more enterprises have been migrating data and compute power to the cloud — but security woes have followed them there. Over the past several years, we have seen examples of vulnerabilities in cloud assets, cloud service provider outages, sensitive data disclosure, and breaches involving the use of public cloud environments.

In fact, the 2021 Data Breach Investigations Report from Verizon noted that compromised external cloud assets were more common than on-premises assets in both incidents and breaches.

In order to learn more about what real-world cloud users thought about their security needs, the SANS Institute conducts regular surveys, with the 2022 Cloud Security Survey being the most recent example.

In this series of blog posts, each of which covers one chapter, we’ll take stock of what your industry colleagues think about this rapidly changing landscape. We’ll start assessing how most organizations are using the cloud today.

How Much Cloud Are We Using — and What Are We Using It For?

Survey respondents use a variety of cloud applications today, as outlined in Figure 1. Perhaps unsurprisingly, the most common use is for business applications and data, with 68 percent of respondents saying that their cloud use falls into this broad category.

Figure 1. Cloud applications in use.

But other common uses give us a picture of the cloud security landscape. In fact, many of the surveyed users are actually using cloud services to help secure their infrastructure. As many as 54 percent said that “security services” was one of the reasons they had for using the cloud in the first place.

Meanwhile, backup and recovery services shot up from fourth place in the 2021 survey to second this year, at 57 percent, a factor in all likelihood driven by ransomware attacks. Archiving and data storage also was high on the list, with 42 percent of respondents saying they used cloud services for that purpose; this could also be related to ransomware recovery needs, though it may also just indicate that cloud use in general is increasing, and storage needs are increasing with it.

SANS also asked respondents a somewhat more basic question: How many public cloud providers do they use? The results are in Figure 2.

Figure 2. Number of cloud providers in use.

Most respondents cluster at the lower end here, and that hasn’t changed much in recent years: “Two to three providers” has remained the highest response category since 2019. Smaller organizations are still hesitant to move into multi-cloud deployments, and only a few organizations are using more than 20 cloud service providers. That’s consistent with previous surveys, as well.

But there are indications that more and more organizations are moving towards a multi-cloud architecture. It is interesting to note that in 2021, only 3 percent of organizations were using 11–20 providers, whereas that number has jumped up to 9 percent in 2022. Just over 16 percent were using 4–6 providers in 2021, and that number has increased to 23 percent in 2022.

Tools for the Cloud Future

The increase in the use of cloud applications and multi-cloud implementations, particularly those oriented toward end users, carries with it all sorts of security implications, as keeping your infrastructure locked down becomes more difficult if it is hosted by multiple providers. SANS wanted to find out if organizations were adopting new tools like cloud access security brokers (CASBs) and identity federation platforms that help centralize control and keep multi-cloud infrastructures secure.

Indeed, many respondents indicated that they are using CASBs: 53 percent, a significant increase over the 43 percent who said yes just a year before. Up to 49 percent of respondents’ organizations are leveraging cloud network access services, and 46 percent are also using federated identity services to help centralize user access and authorization into cloud applications.

Not as many organizations have adopted a multi-cloud broker to centralize access to platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), and other service provider environments, but those numbers number grew as well, from 18 percent in 2021 to 25 percent in 2022. The newer category of secure access service edge (SASE), which combines numerous security services into a central brokering model, is gaining traction too, with 18 percent of respondents saying they’ve adopted this technology.

These moves all make sense. The industry needs new services that can help centralize user access and identity and also implement user-oriented policies for monitoring activity and protecting data as cloud application use grows. That’s because a lot of security challenges loom when it comes to cloud deployments, as respondents are well aware.

Stay tuned for the next installment in this blog series to find out what they think about risk and governance in the cloud. You can also dive into the full survey report so you can take stock of this important digital movement.