Tenable: Security Expertise Gap Threatening Cloud Expansion

As businesses strive to meet the increasing demand in AI, many aim to enhance their cloud presence.

Google recently announced €1bn (US$1.8bn) investment in its Finnish data centre campus, emphasising its commitment to Cloud AI growth in Europe.

The rapid advancement of AI generates a large volume of data that data centres must manage, compounded by modern cybersecurity protocols necessitating data replication for resilience against breaches and corruption.

However, Tenable, an exposure management company, has cautioned in a recent report that these cloud expansion plans may be jeopardised by a skills gap.

Issues with expansion

Tenable's latest cloud security report, "2024 Cloud Security Outlook: Navigating Barriers and Setting Priorities," reveals that although 97% of IT managers plan to expand their cloud environments in the next year, 45% of those overseeing cloud security cite a significant lack of expertise as a barrier to implementing new cloud security measures.

"In today's digital landscape, organisations are racing to embrace cloud technologies for their myriad benefits, yet our latest findings reveal that a staggering 97% of organisations are currently grappling with insufficient expertise in cloud infrastructure security," said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, following the report.

The need for expertise

Cloud computing has transformed business operations, offering scalability, cost-effectiveness, and accessibility. However, as more organisations adopt cloud services, cybersecurity threats have become a major concern.

A 2024 report from CrowdStrike indicates that cloud intrusions have increased by 75% over the past year, with attackers penetrating customer environments in as little as two minutes.

Threats to cloud environments include data breaches, where vulnerabilities or misconfigurations expose sensitive information; DDoS attacks, which flood cloud resources with malicious traffic, disrupting services and causing financial losses; and insider threats, where individuals with legitimate access exploit cloud systems.

Addressing these threats necessitates a multi-layered approach, including robust access management, encryption, continuous monitoring, and adherence to cloud security best practices. 

This underscores the need for a growing number of skilled cybersecurity professionals, a resource currently in short supply. 

Lewis West, Head of Cybersecurity at Hamilton Barnes, highlighted how an ageing workforce and the financial challenges small businesses face post-COVID have created a crisis in the cybersecurity sector.

A 2023 report by the professional association for IT services, ISACA, also found that 39% of organisations are seeking to fill entry-level positions that do not require experience, degrees, or credentials to address this shortfall.

Without a dedicated team of cloud security experts, organisations may overlook critical misconfigurations, fail to implement robust access controls, or struggle to monitor their cloud infrastructure effectively.

Even outsourcing elements of security is tentative, as 33% of respondents to the Tenable report believe that one of the biggest risks to their cloud infrastructure now comes from third-party suppliers.

"While the intention to expand cloud systems is evident among IT leaders, the alarming occurrence of breaches and the identified risks, such as third-party providers in supply chains, underscores the urgent need for organisations to prioritise investment in upskilling and resources," Montel states. "Addressing the clear skills gap is paramount in fortifying cloud security measures and mitigating the risks posed by an evolving threat landscape."

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand