How is IT security evolving, both on premises and in the cloud? What are the top threats and the top challenges, and how have they changed in recent years? And what do organizations see as their key priorities for strengthening cybersecurity?
To answer these and related questions, Netwrix Research Lab published the 2023 Hybrid Security Trends Report. It analyzes the results of an online survey, conducted in February, of 1,610 IT professionals from 106 countries and compares those findings to similar reports from preceding years. This article highlights key takeaways to help organizations concentrate their security efforts on what really matters.
Challenges of moving to the cloud
The cloud is an integral part of the IT infrastructure for most organizations. Indeed, 81% of organizations now use at least one cloud environment and more than a third (37%) of the remainder plan to adopt cloud technologies within 12 months.
However, organizations are moving workloads to the cloud more slowly than anticipated. The percentage of workloads in the cloud rose only marginally from 2022 to 2023, from 41% to 44%, even though respondents in the 2022 survey had anticipated an increase to 54%. In fact, only 11% of organizations reported they were moving to the cloud as quickly as they needed.
Two key factors help explain this finding.
The need to maintain security — Secure cloud adoption requires diligence. Moving to the cloud is not a copy-and-paste thing — it requires careful planning, expectation management, and sufficient resources for testing and reengineering. Organizations are wise to proceed cautiously, with proper attention to how each decision can impact security and compliance.
Attempts to forcibly accelerate cloud migration can lead to serious security gaps, which can result in breaches and compliance issues that can require costly architecture redesign. Therefore, it’s vital to use tools that cover both on-prem and cloud systems to avoid security incidents when the IT environment is in its most vulnerable state: the state of change.
The need to build a viable hybrid environment — Nearly three in four organizations (73%) today have a hybrid IT environment. As a result, they face the challenge of integrating cloud technologies with their current IT environments. In fact, according to the 2022 survey, this was the top factor slowing cloud adoption, as reported by 41% of organizations.
Indeed, many organizations have a significant on-premises infrastructure, and switching to the cloud while maintaining business operations is not easy. A lift-and-shift approach might appear to be the easiest — simply run on-prem products on virtual machines in a cloud data center. But in fact, business applications are often deeply integrated with other systems, so the migration path can be quite complicated. Alternatively, transitioning to software as a service (SaaS) is typically the most cost-effective option, but vendors rarely offer SaaS solutions that are entirely equivalent to their on-prem products.
As a result, organizations often end up in hybrid mode, adopting some cloud-native applications, such as email and CRM, but still maintaining on-prem infrastructure for tools that are difficult or costly to migrate.
On-prem versus cloud security risks
To form their cloud migration strategy, organizations need to understand how security risks can differ for on-prem and cloud infrastructures.
Frequency of cyberattacks
The survey found that on-premises infrastructures suffered more cyberattacks than the cloud. The starkest difference was for ransomware and other malware attacks, which were reported by nearly twice as many respondents for on-premises environments (37%) as the cloud (19%).
On-prem environments are more vulnerable to malware attacks than SaaS systems because they tend to have sprawling privileges — users often have administrative rights on their computers, there are large numbers of highly privileged accounts, and so on. These excessive rights enable ransomware to spread quickly from an initial compromised endpoint across the on-prem IT ecosystem.
Types of attacks
The report also analyzed the types of cyberattacks that organizations are experiencing. Three of the most salient are outlined here:
- Phishing — Phishing is the most common attack type: 73% of respondents suffered this type of cyberattack on premises, and 58% experienced it in the cloud. These attacks are likely to become even more common and effective. While phishing emails used to be easy to spot due to common grammar and spelling mistakes, the advent of AI tools, like ChatGPT, allows threat actors to create more compelling phishing messages. Similarly, they will be able to easily craft convincing webpages that are more likely to lure targets into providing their credentials or other sensitive data.
- Account compromise — Account compromise attacks in the cloud continue to intensify, with 39% of respondents reporting it in 2023 compared to 31% in 2022 and just 16% in 2020. In particular, attackers seek to compromise administrative accounts that they can use to spread laterally to other systems and gain access to critical data they can destroy or hold hostage for ransom.
- Insider threat — The risk associated with an organization’s own employees was the top data security concern, cited by 58% of respondents.
One core strategy can help shut down all of these attack vectors: strictly limiting user privileges. For business users, this means enforcing the least privilege principle with comprehensive identity and access management (IAM). For effective implementation, look for solutions that provide automated approval workflows that empower users to request the access rights they need and that enable business owners to approve or deny those requests, as well as to regularly review and validate access rights to the data and applications they are responsible for.
The best way to rein in privileged access is to implement effective privileged access management (PAM), ideally through a zero standing privilege (ZSP) approach. ZSP involves eliminating as many risky standing privileged accounts as possible. Instead, users are granted elevated privileges only when they are required and only for as long as required.
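The request-and-approve workflow and the zero standing privilege model described in the two paragraphs above can be sketched as a small in-memory broker. This is an added example, not code from the Netwrix report or any Netwrix product; the names `ElevationBroker`, `Grant`, `request`, `approve` and `is_privileged` are hypothetical, and the roles and users in any usage are constructed.

```python
import time
from dataclasses import dataclass

@dataclass
class Grant:
    user: str
    role: str
    approver: str
    expires_at: float

class ElevationBroker:
    """Hypothetical in-memory broker: no role is held unless a live grant exists."""

    def __init__(self, owners, max_ttl=3600, clock=time.time):
        self.owners = owners      # role -> business owner allowed to approve
        self.max_ttl = max_ttl    # hard ceiling on any elevation, in seconds
        self.clock = clock        # injectable clock so expiry can be tested
        self.pending = {}         # (user, role) -> requested ttl, capped
        self.grants = {}          # (user, role) -> Grant
        self.audit = []           # append-only trail for later access reviews

    def request(self, user, role, ttl):
        if role not in self.owners:
            raise ValueError(f"unknown role: {role}")
        self.pending[(user, role)] = min(ttl, self.max_ttl)
        self.audit.append(("request", user, role))

    def approve(self, approver, user, role):
        if (user, role) not in self.pending:
            raise PermissionError("no pending request")
        # Only the role's owner may approve, and never their own request.
        if approver != self.owners[role] or approver == user:
            self.audit.append(("denied", approver, user, role))
            raise PermissionError("approver must be the role owner, not the requester")
        ttl = self.pending.pop((user, role))
        grant = Grant(user, role, approver, self.clock() + ttl)
        self.grants[(user, role)] = grant
        self.audit.append(("grant", user, role, approver, grant.expires_at))
        return grant

    def is_privileged(self, user, role):
        grant = self.grants.get((user, role))
        if grant is None:
            return False          # default state: no standing privilege
        if self.clock() >= grant.expires_at:
            del self.grants[(user, role)]   # lapses without any admin action
            self.audit.append(("expired", user, role))
            return False
        return True
```

The audit list is what a periodic access review would read: every elevation carries its approver and expiry, and nothing remains granted after the time box closes.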
The Netwrix 2023 Hybrid Security Trends Report also reveals the challenges organizations face in safeguarding their sensitive data. The top security concern for on-premises infrastructures is understaffed IT teams, while for cloud environments, it is lack of budget. To address these challenges, it is essential to enable IT pros to work as effectively as possible by providing not more tools, but the right tools.
Key strategies include the following:
- Automate routine tasks, like Active Directory management. Indeed, automation of manual IT processes was named a priority by 38% of respondents.
- Avoid alert fatigue by using mature security products that produce fewer false positives.
- Simplify IT management by relying on a select group of trusted vendors that have an extensive portfolio and a unified support team.
- Reduce the risk of user errors and negligence by providing regular, high-quality cybersecurity training to everyone with access to the network.
- Implement rigorous system hardening and change control to minimize vulnerabilities that could lead to security incidents or downtime.
In addition, smaller organizations may want to partner with a managed service provider (MSP) to bridge any gaps in their internal IT team’s expertise and bandwidth.
The three main IT priorities have remained the same since 2019: data security, network security, and cybersecurity training. One area that is steadily dropping off of IT priority lists is digital transformation — most organizations have already digitalized their most vital workloads.
Organizations are also less concerned with integration of existing solutions. However, inconsistent coverage of cloud and on-premises estates still poses an issue.