Security Not Keeping Up with Cloud-First Business Strategies
About 35% of organizations in a new survey said they’re taking a “cloud-first” approach to their business – meaning that all new projects are done in the cloud. However, 40% of respondents felt that their security solutions aren’t as flexible and scalable as the rest of their cloud initiatives.
According to Hurwitz & Associates’ Balancing Velocity and Security in the Cloud report, which surveyed 85 IT leaders from the Americas and Europe, nearly 50% of participants said they are taking a selective approach to the cloud, where significant and large projects are being developed or migrated to the cloud while others will continue to remain on-premises.
“Customers are increasingly depending on cloud computing to support the need for business agility and speed of transformation,” said Dan Kirsch, vice president and principle analyst at Hurwitz & Associates. “However, to be successful, business leaders need assurance that cloud security is handled in a predictable manner through automation to ensure compliance and predictability.”
In the cloud, continuous integration practices shorten cycle times and improve efficiency. Yet when confronted by this increasingly complex and dynamic network environment, it is difficult for security to keep pace.
“The high velocity and scale of public clouds are shattering everything the security industry has assumed for the past 10 years,” said Sanjay Karla, co-founder and chief product officer at Lacework, which sponsored the survey. “The acceleration of cloud adoption is now paving the way for security teams to deploy automated security solutions that naturally augment security teams’ ability to continuously validate their cloud configuration for security and maintain secure daily operations in the cloud.”
The survey indeed found that automation is critical. Almost all respondents (95%) agreed that “cloud automation is increasingly important to meeting our business goals.”
When it comes to security practices (and “safe and secure” was the No. 1 cloud characteristic according to 53% of respondents), 85% recognized that cloud security is different than traditional data center security. Nearly three-quarters agreed that “controlling vulnerabilities related to unpatched software is a challenge,” although another 78% agreed that “we fix security vulnerabilities fast enough to avoid significant business risk.”
Only 35% of respondents felt that “security limits our ability to maximize the benefits of DevOps and operations automation.”
Source: Information Security Magazine