Short on time? Here's an overview:
Organizations tend to underestimate the complexities of securing cloud environments. Applications running on-premises are within a well-understood and stable security perimeter under the organization’s complete control. Moving to a cloud or hybrid environment changes this basic assumption. The increased flexibility and power of cloud services results in increased complexity of governance and operations, thereby increasing the possibility of vulnerabilities due to misconfigurations.
Organizations have widely embraced the cloud. The cloud is so firmly established that Gartner calls it “the new normal for enterprise IT.”
The cloud is compelling because it is a lot more predictive in terms of an organization’s IT spend. It drives innovation by enabling the quick and elastic provision of resources and by making a wide range of building blocks available from a single console. Organizations can be on the leading edge, be more agile and benefit from economies of scale.
Many organizations are already on cloud journeys today, but those journeys are still evolving. There is a lack of understanding of foundational paradigm shifts resulting from cloud usage. Compared to traditional data centers, the attack surface for cloud deployments is larger and more dynamic because of the use of ephemeral resources and more granular services. This is exacerbated by the sometimes-uncontrolled proliferation of cloud usage by teams within an organization.