Resistance to external service providers remains high within many internal IT organizations largely because of two issue: pride and fear. Too many IT teams are reluctant to admit they might need help. If they admit they do need help, they’re afraid that one day they might one day find themselves out of a job. The trouble is that many IT organizations are simply not up to the IT tasks at hand. There’s no better proof of that than a survey of 300 IT and security professionals conducted by Propeller Insights on behalf of Fugue Software, a provider of security automation software, that finds that 92 percent of IT and security professionals reported concerns about security risks due to misconfiguration, and 82 percent admitted there has been a security or compliance issue because of misconfiguration of cloud infrastructure.
More confounding yet, fewer than a third of the respondents report they are continuously monitoring for misconfiguration. Given the number of high-profile breaches in the last few years, that can all be traced back to misconfiguration of cloud infrastructure that lack of monitoring borders on reckless.
92 percent of IT and security professionals reported concerns about security risks due to misconfiguration.
Specifically, the Fugue survey finds cloud infrastructure misconfigurations led to system down time events (44 percent), unauthorized traffic to a virtual server instance (36 percent), unauthorized access to a database service (34 percent), object storage breaches (34 percent), unauthorized user logins (29 percent ), unauthorized API calls (29 percent) and, most concerning of all, critical data breaches (27 percent).
To make matters worse, just under half of the survey respondents report spending 50 to 500 hours or more each week to managing misconfiguration issues such as reviewing alerts, identifying critical issues, remediating, producing reports, and auditing. Among the top causes of cloud misconfiguration cited were human error (64 percent), lack of policy awareness (54 percent), and challenges in governing multiple interfaces to cloud APIs (47 percent). Despite all those efforts, 68 percent of the survey respondents report delays in remediation of critical issues, and 79 percent admit critical misconfiguration events are still being missed.
Offering continuous cloud infrastructure monitoring to SMBs
They say the best way to sell anything is to discover where a customer has a major problem and then solve it. Managed service providers (MSPs) are clearly in the best place to provide continuous cloud infrastructure monitoring on behalf of a wide range of customers. As more workloads move into the cloud, cloud infrastructure issues are only going to become more problematic.
Of course, cloud infrastructure monitoring is only one of many issues that internal IT organizations have. But it happens to be an issue where failure to fix a misconfiguration before the inevitable security breach is a very public event. There’s no hiding from the fact that a security breach involving a misconfiguration is direct responsibility of the internal IT organization. Even when a third-party developer may have made the initial mistake; it’s still the responsibility of the internal IT team to discover and remediate the problem. Faced with that level of accountability, chances are good that most internal IT organizations are going to be more open to a little external help from an MSP than they might have been before now. And once that relationship gets established, the opportunity for MSPs to help solve a whole host of other issues becomes self-evident.
Photo: Maksim Kabakou / Shutterstock.