CIOs are still concerned when it comes to Enterprise cloud security
A new research from CloudLock about Enterprise Cloud security reports that more than a quarter of cloud apps connected to corporate environments were seen as high risk. The firm’s Q2 2016 Cloud Cybersecurity Report, gave a generally pessimistic warning over the threats of shadow IT. From 2014 to 2016, CloudLock has observed an almost 30 times increase in apps used under shadow IT, from 5,500 to almost 160,000. What’s more, over half of third party apps are banned because of security concerns.
“The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems,” said Kaya Firat, CloudLock director of customer insights and analytics. “Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft.”
Another Enterprise cloud security survey, gathered responses from 2,200 professionals from the Information Security Community on LinkedIn, also found that almost half (48%) of respondents believe that cloud apps are less secure than on-premises applications.
That leaves some questions about cloud security confidence and the issue couldn’t be more top of mind in today’s enterprise IT environment. According to the study, one of the major barriers to cloud adoption is the fear of data loss and leakage (49%). It’s not surprising that this is a concern; in the news are many data breaches and those are just the ones being reported, says Holger Schulze, founder of the LinkedIn community and author of the Cloud Security 2016 Spotlight Report
The following are reasons why Enterprise Cloud security is still a concern.
- Security has a hard time keeping up with cloud development
World-wide spending on public cloud infrastructure — hardware and software — is expected to reach $38B this year and $173B by 2026. “Most security vendors were not surprised but overwhelmed by the rapid adoption of cloud and they may not have ramped up enough,” says Schulze. He also notes that cloud computing is just a whole lot more complex than traditional environments. The dynamic nature of cloud environments — workloads moving from one data center to the next and sometimes in different time zones — is difficult to secure.
- Proper tools are still missing!
59% of respondents believe that traditional network security tools/appliances worked only somewhat or not at all. “Most of the security platforms and tools today…have not been built for the cloud,” says Schulze. “They were designed for traditional IT environments, traditional data centers and networks hosted in a physical data center, in your data center” [and] security tools were designed around that static environment.
“It turns out, not surprisingly, that these security tools do not work at all in the cloud,” says Schulze, which, unlike traditional environments are not static but highly virtualized and dynamic. “It’s completely putting on its head the traditional network model.” he says.
- Storing and accessing data in the cloud could result in a lawsuit
With the proliferation of data breaches, companies are realizing that it can be a liability to host data in the cloud. According to the survey, legal and regulatory compliance fears moved from the No. 7 concern in 2015 to No. 4 in 2016.
Schulze attributes the rise to organizations’ decisions to store and access more types of data in the cloud. As companies have seen the benefits of cloud: cost, speed, agility – “they’re moving more business critical apps and data into the cloud and that whole notion of compliance is kicking in.”
- Lack of visibility and the fear of letting go
Some respondents fear not having control over data if it’s hosted in a public cloud. If they’ve been breached they might not see it, noting that over half of respondents indicated that they do not believe their cloud environment has been breached and over half also believe that the cloud is more secure.
- Security is still just an afterthought
It turns out enterprises might have reason to fear cloud security since a frightening 15% of respondents said that security is completely ignored in their organization’s continuous development methods. 46% said that security slowed down DevOps. The good news is that 31% of respondents said that security is fully integrated in with DevOps. Built-for-cloud-security products must have the technology and know how to protect the company’s data.