The single biggest issue with cloud security is not the quality of the products and services being provided, but rather the ability of the organizations to properly implement them. Security consistent comes up as the primary issue organizations are hesitant to embrace cloud computing. And yet, there has yet to be a major security breach that can be attributed to a cloud service provider. Just about all the breaches of any consequence had to do with someone choosing to not implement the security controls provided.
A new survey of 853 organizations conducted by Netwrix Corp., a provider of end user visibility and governance tools, finds that in one shape or form employees were considered responsible for 58 percent of security breaches in 2017. Just under half (45%) said their own employees where considered the main threat when it comes to cloud security.
The truth of the matter is that concerns about cloud security have a lot more to do with the organizations trying to take advantage of the cloud than it does the cloud service providers. In fact, three quarters of respondents (75%) say that their cloud provider’s security controls are equal to or better than their own on-premises controls. Alas, the Netwrix survey also finds that only 39 percent of the respondents have any means of monitoring user activity in the cloud. It’s little wonder that many cybersecurity professionals are still more than a little apprehensive about cloud computing. While existing IT security processes may be far from perfect they at least exist. In contrast, most IT organizations have not completely worked out how to extend those processes out to a public cloud.'It should be obvious by now to all that a substantial number of application workloads will either be developed on or moved into a public cloud.'Click To Tweet
The good news is more than half (53%) of respondents plan to strengthen their security policies in 2018. Over half (55%) will start that effort by focusing on employee training. Other steps being taken include deploying security automation solutions from vendors (39%) or using in-house solutions developed by the IT organization (36%). Some companies (17%) also plan to hire more security professionals. But given how hard it is to find and retain that talent, it’s not surprising that most organizations are looking to leverage more of what limited cybersecurity capabilities they have by relying more on, for example, automation and, hopefully one day soon, artificial intelligence.
Of course, it’s not entirely clear how many IT professionals raise cybersecurity concerns simply to forestall moving workload to the cloud. Control over application workloads can be a highly politicized issue inside an IT organization. Every workload that moves to the cloud is sometimes viewed as one less reason to have an internal IT team dedicated to managing a local data center.
Despite those concerns, it should be obvious by now to all that a substantial number of application workloads will either be developed on or moved into a public cloud. The challenge now is figuring out how best to go about securing those workloads at a time when internal employees are still their own worst cybersecurity enemies.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.