Enterprises in highly competitive markets are rapidly scaling in the public cloud, with 76% of these businesses saying that this scaling is critical to their success. From a newly commissioned study conducted by Forrester Consulting on behalf of Sonrai Security and Amazon Web Services (AWS) entitled “Identity Controls Are Central to Enterprise Plans for Cloud Security,” 80% of decision-makers surveyed note that the increase in cloud migrations is requiring a new set of security solutions with 74% of firms believing cloud migrations require new IAM solutions.
The numbers speak for themselves. This survey study focused on the relationships between cloud security and identity controls and found that organizations continue to increase both their usage of public clouds and the number and types of tools they use to secure their data in them. On average, organizations are using no less than six separate tools to secure their clouds today, and yet 56% say that machines and non-people identities are out of control in the cloud. The results of this are that a staggering 96% of enterprises surveyed report that their “organizations faced security incidents in the last 12 months” with 98% of them reporting identity-related security challenges.
That cloud security is a growing concern and that identities (specifically, non-person identities) are a critical factor of it is not surprising to us at all. To give an example of scale, Sonrai measures 30,000 unique permissions across all three major clouds with 17 new permissions being added every day. Think about that, with the rapid growth both in the usage of the cloud, and the complexity of Identity Management, how can even the most well-funded teams keep up? They don’t, and often times they operate with significant risks in their cloud, to which they are completely blind. Customers are taking action – according to the Forrester study, by 2023 82% of firms say they will have invested in cloud infrastructure entitlement management solutions. Customers in the study see machine learning, automation, and DevOps integration as key to addressing this complexity and we at Sonrai wholeheartedly agree. We also believe that to get the true risk picture of their public cloud, organizations require context beyond just the identities themselves, and need to connect identities with business data, overall platform risk through CSPM, and workload security. In addition to this context-based risk picture, the methods for managing the risks also need to evolve. Only through the use of intelligent workflows and automation, can security move both at the speed, and the scale of the cloud. When working in this new model, we believe that organizations can achieve a level of security in the cloud, using the cloud, that was never before possible.