When it comes to cloud computing cybersecurity is always cited as the number one reason why organization don’t make more extensive user of these services. A survey of 150 attendees at the Black Hat USA 2019 conference conducted by Tripwire, a provider of managed services for maintaining compliance, sheds some light on just how much those concerns are impacting the rate at which organizations are deploying workloads in the cloud.
Just under half (49%) of the survey respondents said more than 50% of their organization’s data/workload is in the cloud. However, only 13% percent said more than three-quarters of their organization’s data/workload resides in the cloud. Those workloads and associated data also include software-as-a-service (SaaS) applications, so the amount number of workloads and associated data residing in a public cloud service is even less. Specifically, the survey finds 70% of respondents have adopted a SaaS application. On average, the survey also finds each organization is subscribing to 16 SaaS applications.New Survey: 84% of respondents say it is difficult for their organizations to maintain security configurations across cloud services. ~ @mvizardClick To Tweet
One of the major reasons there is some reluctance to embrace cloud services comes down to configuration management. A full 84% of the survey respondents said it is difficult for their organizations to maintain security configurations across cloud services. Of those, 17% said it was “very difficult.” Not surprisingly, 75% percent of survey respondents said it was easy to accidentally expose data residing on a cloud platform.
Furthermore, roughly a quarter (27%) of the survey participants said the Shared Responsibility Model for security between cloud service providers and their customers were “very clear.” A slightly higher number (28%) said the model was not clear, while the majority (45%) said the model was only somewhat clear.
Obviously, there’s a lot of room for improvement when it comes to cloud security processes. More challenging still, with the rise of microservices-based on containers and serverless computing frameworks, cloud computing is only going to become more complex to manage and secure. In fact, from a cybersecurity perspective, there’s not much visibility being provided into a raft of so-called cloud-native technologies that are being employed to build and deploy next-generation cloud applications.with the rise of microservices-based on containers and serverless computing frameworks, cloud computing is only going to become more complex to manage and secure. ~@mvizard #publiccloudClick To Tweet
Understandably, organizations that adverse to risk are going to tread carefully when it comes to cloud computing. This in part accounts for why after more than a decade of public cloud service being available, roughly 80% of all workloads are still running in on-premises IT environments. The challenge now is going to be developing a cloud security framework that works consistently across what has become a de facto hybrid cloud computing environment. Unfortunately, today each cloud platforms is managed and secured in isolation from one another, which only serves to increases the total cost of IT no matter how much money is saved deploying any one workload in the cloud. Until the day the management of those cloud computing frameworks becomes more unified, cybersecurity professionals are going to need to continue to exercise a lot of patience and forbearance.
In the meantime, it’s clear that more workloads are heading to the cloud than ever. Despite all the hype surrounding cloud computing, however, it’s also apparent cybersecurity concerns are having a major impact on the rate at which the transition to the cloud is occurring.
Mike Vizard berichtet seit mehr als 25 Jahren über Themen aus dem IT-Bereich und hat eine Reihe von Publikationen im Bereich Technologie herausgegeben oder zu diesen beigetragen – darunter InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet und Digital Review. Derzeit bloggt er für IT Business Edge und wirkt bei CIOinsight, The Channel Insider, Programmableweb und Slashdot mit. Mike bloggt außerdem über aufkommende Cloud-Technologie für SmarterMSP.