Cloud Security

Organizations still struggling with cloud security

Organizations still struggling with cloud security
Written by ga_dahmani
Organizations still struggling with cloud security

A dozen years ago, when organizations were still in the early stages of cloud computing adoption, the biggest hurdle was security. SMEs, in particular, did not seem to understand what the cloud was, and were particularly stymied by the challenge of keeping information transmitted and stored in the cloud safe from data leaks.

Of course, it was also a time before smartphones and apps were ubiquitous in the workforce, and long before a pandemic changed the way the world worked. Cloud adoption today is mainstream in all business operations; In 2021, nearly half of corporate data was stored in the cloud, according to statist.

What is holding companies back from an even higher rate of cloud migration and adoption? It’s the same problem as a decade ago: security concerns. according to a study From Confluera, while nearly all respondents said they want to expand cloud deployments, two-thirds said the biggest obstacle to that move is cloud-specific threats.

“Unlike the security concerns of a decade ago that focused on the architecture and design of cloud services, today’s concerns are based on modern cyberthreats targeting and, in some cases, taking advantage of technology. cloud to benefit from the attack,” John Morgan, CEO of Confluera, in an email interview. “While many organizations have the security budgets and tools to protect end devices and on-premises servers, very few have a similar focus on cloud services. They are challenged to identify if existing tools and processes provide the necessary security coverage in the cloud.”

IT teams unprepared for security challenges

Although organizations have embraced multiple cloud applications over the years, IT has yet to catch up. In fact, Douglas Murray, CEO of Valtix, said the only question mark for further adoption is the ability of IT and security teams to fully operate and protect at the speed with which business requirements dictate. They must work with a patchwork of on-premises tools moved to the cloud and vendor-specific services that require new skills and processes, slowing business agility around security.

“Each public cloud platform requires its own approach to security, which is also different from the data center,” Murray said. “Cybersecurity leaders often lack staff with enough knowledge to necessarily address cloud security the way it should across a single vendor, let alone across multiple clouds.”

Getting more comfortable with cloud security

Moving to the cloud is a challenge for many organizations. IT and security teams will have to deal with protocols, processes, and tools that were built around traditional application architectures that don’t necessarily translate well to the cloud. In turn, security doesn’t translate well, or the threats aren’t as familiar or understood as threats to the traditional infrastructure setup.

Getting more comfortable with cloud security requires the ability to better assess the services in use (or those being considered) and the organization’s overall security readiness for the cloud.

“Not all cloud services are created equal,” Morgan said. “IT security can have a good handle on the security measures taken for a specific cloud application. However, SOC analysts cannot easily assess the security of servers and cloud workloads running on popular infrastructure-as-a-service (IaaS) platforms such as AWS and Microsoft Azure. The flexibility of cloud services to grow and shrink based on business needs also makes it difficult for analysts to assess their security exposure.”

Therefore, Morgan recommended that cloud and multi-cloud adoption strategies include attention and budget for cloud security.

“Many organizations, after trying and failing, recognize that simply extending traditional security measures and processes to the cloud simply doesn’t work,” Morgan said. “SOC analysts who are on the front lines of cyberattacks should be engaged early to discuss and strategize the overall cloud security approach and architecture. Failure to do so will result in adoption delays due to security coverage complications or, in some cases, due to violations.”

About the author

ga_dahmani

Leave a Comment