Yet still misconceptions remain about the technology. In particular, on how best to secure it.
We wanted to lift the lid on these misconceptions, so in February 2018 we conducted some global research. As part of this, we asked 164 respondents in EMEA about their experiences and attitudes when it comes to security in the cloud. Here are some of the standout findings:
People still believe on premises security is better than cloud
Over half (57%) report their on-premises security as superior to cloud.
However, using security tools specifically designed for the public cloud can actually make a business more secure than they were when they operated purely on-premises.
What was promising was that the shared security model was largely well known by respondents, with 71% expecting cloud security to be a responsibility that’s shared with cloud vendors. Just 19% think cloud vendors are solely responsible.
The cloud is redefining the role of the firewall
An overwhelming 82% have concerns about deploying firewalls in the cloud, with 41% naming ‘pricing and licensing not appropriate for the cloud,’ and 39% citing ‘no centralised management creating a significant overhead’ as their top two concerns. Other concerns included next generation firewalls simply not being practical for cloud environments and the lack of integration with native security tolls from cloud vendors.
Interestingly, organisations seem to find value in cloud-specific security features, with 95% saying cloud-specific firewall capabilities would help them. 71% cite the most beneficial quality as ‘integration with cloud management, monitoring, and automation capabilities,’ and 59% cite being ‘easy to deploy and configure by cloud developers’ as the second most beneficial capability.
Traditional security remains a bottleneck for DevOps
Just over half (58%) of respondents have adopted DevOps, DevSecOps, or CI/CD (continuous integration and continuous deployment) methodologies. This was slightly higher in EMEA than the US (53%), with APAC storming ahead with 63%.
Of the organisations that have adopted, 95% have faced challenges integrating security into those practices. The top challenge reported was ‘limitations with existing security solutions’. Security processes not being changed was also voted as a high scorer.
So what does it all mean?
We’re continuing to see questions and concerns around how organisations should be approaching security along with their cloud deployments, especially from larger companies. There still seems to be a lack of understanding in cloud security, and a misplaced belief that on-premises security is a lot stronger.
One thing is for sure: as the move to cloud only increases in pace, for organisations that are used to operating under traditional data centre architecture, moving to the cloud will require a new way of thinking when they approach security.