In a world increasingly driven by cloud-based digital transformation, cybersecurity remains a stubborn roadblock. New research has shone further light on some of the challenges facing firms. Although organisations increasingly understand their responsibilities, they have yet to take advantage of the native and cloud-ready security tools available to them. That’s why over half (56%) believe their on-premise security is superior to their cloud set-up. This must change if organisations want to unlock true value from the cloud.
The DevOps journey
We all know why organisations are migrating more and more of their workloads to public cloud environments. To be competitive in an increasingly unforgiving marketplace, development teams must be given the right tools to respond quickly and with agility to changing business demands. Last year, Barracuda Networks research estimated that the amount of infrastructure EMEA organisations are putting in the cloud will rise from 35% in 2017 to 63% by 2022.
Emerging container and serverless computing platforms like those offered by Docker, Kubernetes and AWS Lambda can provide the kind of IT agility developers are increasingly demanding to power DevOps initiatives. Sumo Logic reported recently that 27% of European organisations are using Docker, while Lambda use has almost doubled from 12% of its customers in 2016 to 24% in 2017. Containers are virtualised at the OS layer, meaning they start quicker and use less memory than virtual machines. Two-thirds of organisations that adopted containers accelerated developer efficiency, while even more accelerated developer efficiency, according to a recent Forrester report.
Unfortunately, while cloud computing environments offer many advantages to the modern enterprise, they also create additional complexity which in turn opens up security gaps. VMs and workloads can be updated to deliver vital security patches, but containers must effectively be replaced to do so. The sheer number of containers running in your environment may mean some get overlooked. Reports emerged recently of hackers exploiting unprotected containers to install crypto-mining malware, for example.
These aren’t the only security challenges coming from the cloud, of course. User access control is another big one. When creating new identities and access policies, many organisations grant users too many privileges, set overly loose group policies or misconfigure systems – exposing them to the risk of compromise or accidental data exposure. Organisations as varied as the US Department of Defense, Verizon and Accenture have been found wanting in the past, putting millions of customers at risk.
A shared responsibility
The good news is that understanding of cloud security seems to have advanced over the past year. When polled in 2017, the vast majority of IT leaders believed that their public IaaS provider was responsible for securing customer data, applications and operating systems. But new research from Barracuda Networks reveals that 76% of global organisations correctly believe cloud security to be a shared responsibility.
The concerning part is that elsewhere there appears to be a disconnect between the tools and technologies available to them and their awareness of such tools. The truth is that cloud-ready tools exist right now to help organisations secure traffic flows between on-premise and cloud environments, protect workloads in the cloud, enforce policies seamlessly across environments and more. Yet Sumo Logic found that just 43% of European firms are making use of native security and compliance tool AWS CloudTrail, versus 51% in the US and 58% in Australia.
Other native tools offered by public cloud providers include: automated security assessment service Amazon Inspector; IP traffic monitor Amazon VPC Flow; unified security management and threat protection service Azure Security Center; and remote network monitoring service Azure Network Watcher.
Cloud-ready Next Generation Firewalls (NGFs) are also available to lock down risk and provide a more secure foundation on which to build digital transformation efforts. Yet, according to Barracuda Networks, just a third (34%) of global firms have deployed them, despite the majority using NGFs on-premise. Features like integration with cloud-native capabilities, simple deployment and configuration by DevOps teams, and distributed policy enforcement were all sought after by respondents. They all exist today.
The good news is that 50% plan on deploying such tools in the future. But we need that figure to rise further if we want to drive improvements in cloud security across the board.
Phil Muncaster is a technology writer and editor with over 12 years’ experience working on some of the biggest technology titles around, including Computing, The Register, V3 and MIT Technology Review. He spent over two years in Hong Kong immersed in the Asian tech scene and is now back in London where information security has become a major focus for his work.