November 24, 2022

What is Cloud Confusion?

Companies increasingly rely on, adopt and invest in cloud solutions for their cybersecurity. For example, public cloud services are predicted to have a 20.7% CAGR for 2023 to $591.8 billion and in 2020, 93% of companies using cloud utilised a multi-cloud strategy. However, factors such as cloud migration, cross-cloud incompatibility and lack of clear responsibility complicate companies' understanding and use of multi-cloud solutions. Understandably, these factors cause a very common problem called cloud confusion. 

The consequences of cloud confusion can have very damaging implications such as misconfigured cloud services, resulting in possible data loss, introduction of malware, failed audits and more. According to an IBM 2021 report, misconfigured cloud services are the third most-common threat of data breaches, accounting for 15% of breaches and averagely costing over $3.61 million in 2021. All of these costly consequences often lead to extended project budgets and deadlines. 

Furthermore, in a Flexera Report, 83% of decision-maker respondents cite security as the top cloud challenge. Similarly, cloud confusion is something the Cloud Security Alliance acknowledges:

The key to a successful security implementation in a cloud environment is understanding where your provider’s responsibility ends and where yours begins. The answer isn’t always clear-cut, and definitions of the shared responsibility security model can vary between service providers. … In a multi-cloud environment, these variations introduce complexity and risk. … Your overall security posture is defined by your weakest link. If you have a gap in coverage in any one system, you increase vulnerability across the entire stack and out to any connected systems.

As digital transformation initiatives are dramatically accelerated to support remote workers who rely on cloud services, it is essential to its success that organisations understand the shared responsibility model in order to establish clear team communication in remote settings.

The Shared Responsibility Model (SRM)

Based on the shared responsibility model, cloud service providers are responsible for networking, protecting hardware, software and facilities that run on its services. Whereas companies are responsible for information and data functions such as accounts, identities as well platform and resource preferences. 

The confusion begins as definitions of shared responsibility security can differ between cloud solution providers (CSP) based on the type of service, infrastructure-as-a-service (IaaS), software-as-a-service (SaaS) or platform-as-a-service (PaaS). 

Although AWS and Azure both similarly state the companies’ retained security responsibilities depend on the service selected and use similar wording, their shared responsibility agreements leave a gap for interpretation and discussion. Amongst services, applications and controls ownership layers and security responsibilities differ via cloud provider and service type.

All the unique ownership distinctions between CSPs’ present complexity and thus risk in multi-cloud environments. This is heightened as each application, environment and service also requires a tailored approach for security monitoring and assessment. If there are existing gaps in covering each of these contextual variations in at least one system, the company increases their cyber vulnerability across their entire stack and additional connected systems. 

Although technology is constantly evolving, cloud confusion is still a persistent yet expensive and time consuming problem; causing project delays and team miscommunication as Rob Coward discusses here

https://www.youtube.com/watch?v=iEAWydLilfA&t=11s 

Therefore, establishing a clear and secure cloud infrastructure with a reliable and experienced technical team is essential as technical errors are aggravated by lack of employee skills and knowledge gaps.

So how can WeShape help with cloud confusion?

It’s essential that companies engaged in cloud as well as partner businesses can share the responsibility for securing their cloud footprint. WeShape are cloud agnostic which means collaboration is easier, faster and more effective.

  • WeShape are ISO 27001 certified which means we have a deep understanding of responsible cyber security and vulnerability
  • Advisory solutions with an expert cloud consultant who will help identify and minimise cloud confusion to optimise cloud solutions

Our cloud consultants such as Rob Coward can assist with cloud migration and confusion, find out more about our on-demand consultants here:

To find out how to optimise your cloud and protect your company from cloud confusion, book a quick chat with WeShape.

About the Author
No items found.

Read more of our recent insights, ideas and points of view, curated by our expert network:

How can we help you today?
B Corporation
UK IT Industry Awards Winner
Tech Talent Charter
ISO 27001
DevOps award win
Business Declares