A new report from ESG, released at the September’s Cloud Native Security Summit, found that security professionals regard their existing tools inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications. 

Commissioned by Capsule8, Obsidian, and Signal Sciences, the report, Retooling CyberSecurity Programs for the Cloud-First Era, warns of a security gap that is both wide and dangerous. The report, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39%of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case to do so. 

What’s more, in the next two years, 58% of respondents say they’ll have more than 40% of their data stored in the public cloud–and 45% of this data will be sensitive. Nonetheless, even with this shift to the cloud, 81% of respondents said their on-premises data security practices are more mature than those that are intended to secure cloud-resident data. At the same time, 50% of those surveyed say their organization has lost cloud-resident data. Other key findings:underscore how cloud security is lagging despite mass adoption of the cloud:

° Ninety percent of respondents worry about not having visibility into misconfigured cloud services, server workloads, network security, or privileged accounts.

° Eighty-three percent also report concern about the misuse of privileged accounts by insiders. 

° Thirty-five percent say that the use of multiple cybersecurity controls has increased complexity, and 66% say IT is more complex than it was two years ago.

° Forty-three percent cited maintaining consistency across the disparate infrastructures of hybrid, multi-cloud environments where cloud-native apps are deployed as the biggest challenge in securing cloud-native apps.

° Forty-three percent of respondents say that DevSecOps automation is the highest cloud security priority to address many of these concerns.