Rush to the cloud pits speed of adoption against ensuring security

News by Mark Mayne

The widespread drive to adopt cloud services is exposing a growing rift in UK enterprises between speed of adoption and cyber-security, according to a new study.

The majority (68 per cent) of cyber-security professionals working in large organisations in the UK say that a rush to adopt cloud services is preventing businesses from taking full account of the security risks.

Just over half of respondents (51 percent) report misalignment between them and the rest of business on cloud and cyber-security issues, including cyber-security's role in making cloud adoption successful. The fallout of this misalignment is that only one in 10 (10 percent) of UK cyber-security professionals said they were able to maintain a consistent, enterprise-class cyber-security across their cloud(s), networks and endpoints. Just under half (47 percent) said they would aspire to would like to have the same consistent visibility, command and control over cyber-security across all areas.

Javvad Malik, security advocate at AlienVault told SC Media UK that while cloud security is rapidly maturing, hybrid deployments can prove a challenge: “In hybrid environments organisations can often be susceptible to blind spots that fall between the cloud and on premise environments. Many instances have occurred where organisations do not monitor the cloud with as much rigor as on premise environments because they wrongly believe the cloud provider will manage those aspects of security for them.

“The biggest challenge around visibility is where legacy monitoring and threat detection capabilities cannot span across cloud and on premises environments. These can be resolved by taking security into consideration when cloud is adopted by having a simplified toolset that can monitor both cloud and on premises environments in the same way, giving complete visibility and eliminating blind spots.”

Paul Walker, technical director, One Identity, agreed that challenges around cloud security still remain, however: “There is still a significant security challenge around cloud…and not around cloud.  The fact is that significant security challenges remain, every day and in every location. All you have to do is read today's or yesterday's headlines. In fact, according to the Dell Digital Transformation Survey Report  only 18 percent of organisations said security has been involved in all digital transformation initiatives, a primary example being cloud, and three out of four admit that security comes in too late in this process.

“In order for the market to mature, security vendors need to include both on-prem and cloud security as a design principle as opposed to an afterthought.  This “cloud security by design” principle will make it easier to enhance and expand security without decreasing user productivity.”

Concerningly, the survey found that UK cyber-security professionals feel under-consulted on cloud security matters, with just over one quarter (27 percent) saying they have the correct level of involvement in the security of cloud services. Moreover, morale is low, especially with public cloud deployments, with less than half (39 percent) being very confident that existing cyber-security in the public cloud is working well, even for sensitive areas like finance.

The survey was conducted for Palo Alto Networks and polled businesses across Europe and the Middle East that are actively adopting the cloud for their data, applications and services needs.

Greg Day, vice president and regional chief security officer for EMEA at Palo Alto Networks commented: “Cloud computing is transforming how organisations consume IT, and by definition, this must change how organisations consume cyber-security too. It is essential that cyber-security is not perceived as an obstacle by the wider organisation, and instead is seen as enabling the business to achieve its goals. Equally, cloud is the enabler for the next evolution of cyber-security, providing the platform for cyber-risk analytics on massive volumes of security data to identify and prevent malware attacks at the pace required for today's digital organisations.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews