I became familiar with the challenges of navigating the cloud early in life. As a child, I heard my father recount his experience of bailing out of a burning B-17 bomber in 1945. As he plummeted through the clouds, he found to his horror that his parachute would not open. He described the feeling of panic and disorientation that came from free falling while enveloped in opaque white fog. The chute eventually opened, though he was badly injured in the fall. Thus, when I hear people are struggling in the cloud today, I have a deep sense of empathy.
According to the FireMon report, 60% of security professionals they surveyed reported that the deployment of business services in the cloud has accelerated past their ability to secure them in a timely manner.
This year’s Cloud Security Alliance (CSA) conference, along with new research like FireMon’s 2020 State of Hybrid Cloud Security report, point to an increasingly complex and challenging cloud security landscape. While cloud computing offers remarkable advantages for businesses, it is also difficult to operationalize and even more perilous from a security perspective.
IT departments face growing expectations of cloud success, with ESG research revealing that the percentage of organizations committed to a hybrid cloud strategy increasing from 58% to 76% in the last two years. At the same time, according to the FireMon report, 60% of security professionals they surveyed reported that the deployment of business services in the cloud has accelerated past their ability to secure them in a timely manner.
This finding aligns with remarks made at CSA. Many companies are finding it hard to extend security policies from the data center into the cloud. The hybrid cloud, which connects on-premises assets with those in the cloud, makes things even more complicated. The FireMon survey found that nearly 50% of respondents were using two or more cloud platforms (e.g. Azure and AWS). Over 50% of respondents had three or more security policy enforcement points on their networks. Already, one can see how tricky it is to keep up with security policy definition and enforcement in a hybrid environment.
“A lot of companies are dealing with cloud sprawl,” said Tim Woods, FireMon’s VP of Technology Alliances. “They’re pushing data and applications out into the cloud, but finding they don’t have enough people to stay on top of security.”
“A lot of companies are dealing with cloud sprawl,” said Tim Woods, FireMon’s VP of Technology Alliances. “They’re pushing data and applications out into the cloud, but finding they don’t have enough people to stay on top of security.” The FireMon solution addresses this problem. It’s designed to make security teams more productive by leveraging security automation.
Another eye-opening data point in the FireMon report related to the shared security model. The customer typically bears a lot of responsibility for securing its assets in the cloud. The cloud provider is on the hook for the infrastructure, but not the software and data, etc. The FireMon survey stated that around 10% of respondents did not understand the shared security model. A further 7-11% did not know how their security responsibilities were shared.
It’s pretty shocking that a good one in five security people don’t quite know who’s supposed to be protecting what.
Those may seem like small numbers, but if we’re talking about large companies with valuable data in the cloud, it’s pretty shocking that a good one in five security people don’t quite know who’s supposed to be protecting what. In addition, 17% of those surveyed said that lack of visibility was the biggest challenge they found in securing their public cloud environments.
Woods did point out, though, that the major cloud providers are working to close the gap. “We’re seeing a lot of guidance, patterns and best practices coming out now,” he said. “The providers are showing clients how to architect for security.” At the same time, the burden still falls on the client to implement such practices.