IT professionals are starting to realize just how different securing a cloud computing environment is from traditional on-premises IT environments. A survey of 167 IT professionals conducted by Enterprise Strategy Group (ESG) on behalf of Threat Stack, a provider of intrusion prevention platform, finds 62 percent are looking to gain more visibility into workloads running on public clouds and that 31 percent say they are unable to maintain security as their cloud and container environments grow.
Most IT professionals are familiar with the security issues associated with spinning up virtual machines in a public cloud. But recently developers having been embracing Docker containers as a method to more easily package and distribute code. A Docker container is a lightweight executable package that includes everything needed to run it, including the code, runtime, system tools, system libraries, settings. The trouble is that most IT organizations don’t have tools that provide any visibility into what’s inside those containers.
A full 42 percent says their organizations have deployed containers, while another 45 percent say their organizations plan to start testing or deploying them. And yet, there is almost unanimous agreement (94%) who says they believe containers have negative security implications for their organizations.
Clearly, the benefits of productivity are once again outweighing security concerns. But this time there is a difference. Customer pressure to secure IT environments is building. A total of 60 percent of survey respondents report that security and compliance an obstacle to winning new business. Specifically, 57 percent say significant delays in the sales cycle can be attributed to trouble meeting customer security requirements. while 59 percent reported the same issue around meeting customer compliance requirements. Accordingly, the report finds nearly one in three of all investments in cloud security is now driven by the need to satisfy customer and partner compliance demands.
Those challenges will only increase as the IT environment becomes more hybrid. A total of 40% percent of the respondents say they IT environments will become hybrid in the next 12 months. The issue that many of them will have to address is that cloud security by definition needs to be programmable. IT security professionals that are used to managing virtual security appliances deployed on-premises via a user interface are going to find themselves woefully left behind. Developers simply won’t tolerate any approach to IT security that isn’t driven by application programming interfaces (APIs). Given all the interest in hybrid cloud computing, it’s now also only a matter of time before programmable approaches to security, otherwise known as software-defined security, are also applied to on-premises environments as well.
One of the biggest issues arguably facing IT security professionals today is how to insert themselves into a DevOps team in a way that enhances security without slowing down the speed at which applications are being developed. Developers are more conscious of application security issues than ever before. But asking developers to be aware of every infrastructure security issue and a maze of compliance issues isn’t a reasonable expectation. The real challenge is going to be finding a way to impart that information to developers in a way that they can not only consume but also programmatically deploy the appropriate level of security inside and around their applications.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.