Subscribe to Email Updates

Subscribe

cloud-it.png

Survey finds hybrid cloud security growing pains

By George V. Hulme on Nov 07, 2017 | 0 Comments

There’s no doubt that enterprises are embracing cloud computing, but not-so-surprising that enterprises repeatedly say that they need heightened visibility and security management capabilities so they can more effectively deploy applications, defend against cyberattacks, and mitigate regulatory compliance risks, a recent survey found.

These results come from the Hybrid Cloud Environments: State of Security survey by cloud security vendor AlgoSec, which found 32 percent of respondents plan to increase their public cloud usage in the next 18 months, but the majority harbor significant concerns about cyberattacks and breaches in their “hybrid” cloud environments.

Seemingly, if enterprises focused more on effective ways to automate they may find their cloud deployments running much more smoothly.

According to the survey: 

  • Respondents’ greatest concerns about their applications in the cloud are cyberattacks (58%), unauthorized access (53%), and then by application outages and misconfigured cloud security controls.
  • Nearly 40% of respondents say that security is inhibiting further adoption of cloud platforms.
  • Biggest security management challenges enterprises face in hybrid environments are a lack of visibility (63%) and managing security policies consistently (61%).
  • They are manual cloud migration gear jams: 44% have difficulty managing security policies post migration, 32% have difficulty mapping application traffic flows before starting a migration project, and 30% reported that their applications did not work after the cloud migration.
  • Surprisingly, only 26% of respondents said they use automation to manage security in their hybrid environments, while 20% use manual processes. (Which begs the question: What are the other 54% using?)

Interestingly, from the study, larger organizations run a higher proportion of their workloads in the cloud. The survey also found that 45% of organizations with 5,000 to 10,000 employees and 40% of organizations with over 10,000 employees run 21% to 60% of their workloads in the public cloud, compared to 37% for all organizations. It would make more sense that smaller organizations with less legacy environments with which to contend would have fewer workloads and a higher percentage in cloud. Perhaps this points to just how rapidly enterprise workloads have grown in recent years.

Fortunately, or unfortunately — depending how one looks at it — the challenges organizations faced in a similar survey conducted three years ago which found that the greatest challenges to be, in order: security visibility, maintaining and demonstrating compliance, and troubles implementing security policies in the public cloud.

The report authors believe that the security challenges organizations face when managing security across hybrid cloud environments include the use of multiple security tools that do the same things for on-premises and cloud and a high percentage relying on manual processes.

The survey also found that when organizations use different public cloud platforms they are likely (often required) to use different native cloud toolsets for each platform.

No wonder so many orgs are having a challenging time with visibility.  

Finally, the survey also found that many organizations lack the expertise or resources to manage their clouds. A small 7 percent of respondents were reported they had no concerns over their expanding their cloud adoption.

Not surprisingly, those respondents who are CIO or CISO expressed more security concerns than other execs.

 

blog-machine-learning-742px.jpg

Share This Post On

Author: George V. Hulme

George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.