Unveiling the most influential cloud security insights from the latest CSA and AlgoSec research. Hear what thousands of global cloud security experts are saying about their cloud and hybrid network infrastructure, responsibilities, security incidents, common pitfalls and vulnerability and risk management in the cloud. Join John Yeoh, Global Vice President of Research from the Cloud Security Alliance (CSA) and Omer Ganot from AlgoSec to find out: What companies are doing in the cloud Top security concerns and challenges faced by survey research respondents Who is ACTUALLY responsible for managing security in the cloud How organizations are managing risk and vulnerabilities The REAL contributors to network incidents in the cloud

1. THE STATE OF CLOUD
FEBRUARY 2021
Omer Ganot, Cloud Security PM, AlgoSec
John Yeoh, Global VP Research, CSA

2. John Yeoh
2 | Confidential
PRESENTERS
Global VP Research
Omer Ganot
Cloud Security PM

3. ✓Co-developed by CSA and AlgoSec
✓ 1st Survey published Feb 2019
✓ 2nd Survey published Feb 2021
✓ Based on the 2021 State of the Hybrid Cloud Security survey
✓~2,000 Responses from global IT & security professionals
3 | Confidential
PRECURSOR

4. AGENDA
Cloud adoption
2
3
4
5
Complexity of the modern-day network
Who is responsible for cloud security?
Misconfigurations and outages
Questions … and Answers!
4 | Confidential

5. CLOUD ADOPTION

6. WHAT PERCENTAGE OF YOUR WORKLOADS DOES YOUR ORGANIZATION
CURRENTLY RUN IN THE PUBLIC CLOUD IN PRODUCTION?
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
1-20% 21-40% 41%-60% 61%-80% 81%-100%
2019 2021
• Cloud adoption is accelerating
• 53% of respondents have over 40% of
their workloads in the cloud
• Almost 30% have over 60% in the cloud

7. 2021 WORKLOAD IN CLOUD PERCENTAGE | EXPECTATION VS. ACTUAL
22%
21%
24%
15%
13%
14.64%
23.75%
18.93%
17.50%
13.57%
0%
5%
10%
15%
20%
25%
30%
1-20% 21-40% 41%-60% 61%-80% 81%-100%
2019 Expectations (for 2021) 2021 Actual

8. 2021 WORKLOAD IN CLOUD PERCENTAGE | EXPECTATION VS. ACTUAL
8
22%
21%
24%
15%
7%
6%
13%
21%
22%
18%
13%
8%
0%
5%
10%
15%
20%
25%
30%
1-20% 21-40% 41%-60% 61%-80% 81%-99% 100%
Current Expected (for 2022)
The number of organizations that will have
81%-99% of their workloads in the cloud
within 12 months will double

9. HAS PUBLIC CLOUD IAAS MET THE EXPECTATIONS AND PROMISES?
(E.G. AWS, AZURE, GCP)
2.1
2.3
2.3
2.3
1.0
2.0
3.0
Reduced Cost Increased Agility and Elasticity DevOps-Friendly Improved Uptime
Better than expected:
As Expected:
Worse than expected:

10. “CLOUDPLEXITY”

11. MANAGING SECURITY IN THE CLOUD IS COMPLEX
MULTIPLE CLOUDS
11
Private
Clouds
Multi
Public Clouds
On-Prem Intranet Dedicated Server

12. WHICH PUBLIC CLOUD PLATFORMS DOES YOUR ORGANIZATION USE?
12
60.70%
56.45%
25.22%
4.40%
8.50% 7.04%
67.31%
65.34%
37%
9.89% 11.05%
9%
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
AWS Azure GCP Alibaba IBM Oracle Cloud
2019 2021
• The entire cloud platform market share
has grown
• 62% use multiple cloud environments
• 27% of all respondents leverage 3 or more
cloud platforms

13. MANAGING SECURITY IN THE CLOUD IS COMPLEX
MULTIPLE LAYERS OF SECURITY CONTROLS
13
3rd party Security Vendors
Products
Cloud Infra Security
Controls
Advanced Security
Controls by Cloud
Providers

14. WHICH PUBLIC CLOUD PLATFORMS DOES YOUR ORGANIZATION USE?
14
70.37%
58.48%
45.03%
31.58%
74%
71%
49%
22%
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
Cloud provider’s native security controls
(e.g. Security Groups, Network ACLs)
Cloud provider’s additional security
controls (e.g. Azure Firewall, AWS WAF,
AWS Firewall)
Virtual editions of traditional firewalls (e.g.
Palo Alto Networks, Check Point,
Barracuda) deployed in the cloud
environment
Host based enforcement (e.g. SDP)
2019 2021
50% of organizations use
3rd party Next-Gen firewalls

15. WHAT BENEFITS ARE YOU LOOKING FOR IN A CLOUD SECURITY MANAGEMENT TOOL?
15
7.4
7.2
6.9
5.8
5.7
4.8
4.3
0.0 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0
Clear visibility (topology, policy) for the entire hybrid network estate
(multi-cloud and on-prem)
Proactively detect network risks
Proactively detect misconfiguration risks (e.g. IAM)
Automation, uniform change management across the different
security controls
Regulatory compliance reports
clean up cloud security controls with excessive rules
Ease of migration of workloads from on-prem to cloud

16. VISIBILITY – REQUIREMENTS
16
Full visibility into all
elements that make
up your network:
cloud, SDN and on-
premise
Single pane of glass
to view different
security controls
across hybrid
environments
Clear and uniform
visibility of cloud
assets across the
multi-cloud
Discovery and mapping of
network flows to the
matching business
applications
Topology Security Controls Application Connectivity
Assets

17. Native Cloud Security Controls
(Security Groups/NACL/NSG)
Virtual appliance in the cloud
Traditional FW
Virtual appliance in the SDN fabric
Private cloud SDN – distributed FW
A SINGLE PANE OF GLASS INTO YOUR ENTIRE NETWORK
17

18. VISIBILITY INTO SECURITY CONTROLS
18

19. VISIBILITY INTO APPLICATION NETWORK FLOWS
19

20. CLOUD SECURITY STAFFING

21. MANAGING SECURITY IN THE CLOUD IS COMPLEX
MULTIPLE STAKEHOLDERS
Application Developers/
DevOps
CISO IT / Network Security Cloud Teams
Security Operations
21

22. WHICH TEAM IS RESPONSIBLE FOR MANAGING SECURITY
IN THE PUBLIC CLOUD?
22
6%
18%
8%
16%
4%
35%
9%
0%
5%
10%
15%
20%
25%
30%
35%
40%
Application Owners Cloud Team DevOps
Engineers/Manager
IT Operations Managed Service
Provider
Security Operations Network Operations

23. WHAT CONCERNS DOES YOUR ORGANIZATION ENCOUNTER WHEN
ADOPTING A PUBLIC CLOUD PLATFORM?
23
58%
47%
44%
32%
14%
13%
9% 8% 8%
0%
10%
20%
30%
40%
50%
60%
Network security Staff lacks cloud
expertise
Migration of
workloads to the
cloud
Insufficient amount
of staff to manage
cloud environment
Integration with the
current IT
environment
Regulatory
compliance
Lack of visibility Legal concerns Cost
79% of organizations are
concerned with the lack of
required talent

24. MISCONFIGURATIONS & OUTAGES

25. HOW MANY CLOUD-RELATED
OPERATIONAL INCIDENTS DID YOUR
ORGANIZATION EXPERIENCE IN THE
LAST 12 MONTHS?
MAX
101
Average
4.95

26. WHAT WAS THE IMPACT OF YOUR MOST DISRUPTIVE CLOUD OUTAGE?
26%
24%
14%
8%
4%
0%
5%
10%
15%
20%
25%
30%
Operational loss of less
than an hour
Operational loss of 1-3
hours
Operational loss of 3-5
hours
Operational loss of a
working day
Operational loss of longer
than a working day
Close to 50% of cloud outages
lasted for over an hour

27. THE COST OF NETWORK DOWNTIME
According to Gartner
The average cost of network
downtime is about
$5,600 per minute
Just about $300,000 per hour
Source: https://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/

28. WHAT WAS THE MAIN CONTRIBUTOR TO THE OUTAGE?
29%
26%
22%
20%
16%
0%
5%
10%
15%
20%
25%
30%
Operational human errors
and mismanagement of
devices
Cloud provider issue Security misconfiguration Security attacks such as
denial of service (DoS)
Network bandwidth issues
More than 50% of outages
are due to human error

29. Validate the
change
Map
devices in
path
Check for
risk
involved
Plan the
Rules
Implement
the change
on the
devices
RISK AWARE CHANGE AUTOMATION
Request a
network
change
29

30. WHAT CONCERNS DOES YOUR ORGANIZATION ENCOUNTER WHEN
ADOPTING A PUBLIC CLOUD PLATFORM?
30
58%
47%
44%
32%
14% 13%
9% 8% 8%
0%
10%
20%
30%
40%
50%
60%
Network security Staff lacks cloud
expertise
Migration of
workloads to the
cloud
Insufficient
amount of staff
to manage cloud
environment
Integration with
the current IT
environment
Regulatory
compliance
Lack of visibility Legal concerns Cost

31. • Cloud Adoption is growing quickly
• Hybrid networks are complex
• Multiple cloud vendors
• On-prem, private and public cloud
• Multiple stake-holders
• It’s difficult to recruit cloud security professionals
• Outages can be costly
• They can be eliminated with automation
• You can apply your security guidelines in the cloud
if you choose the right tools
31
SUMMARY

32. 32 | Confidential
QUESTIONS?

33. THANK YOU