Confusion over Security Responsibility in Cloud
-
Confusion over Security Responsibility in Cloud
IT professionals are migrating to the cloud, yet they are unclear about public cloud shared responsibility for security. -
IT Professionals Ignorant of Shared Responsibility in the Cloud
40 percent of respondents believe that their cloud service provider protects their applications and data. 34 percent believe security is their own company's responsibility. -
Despite Confusion, Rapid Migration to Cloud
60 percent of respondents said they already have or will soon move their IT infrastructure to the cloud. 15 percent plan to migrate, but will retain some on-premises capabilities. 25 percent have no plans to move to the cloud. -
Proactive Organizations
Organizations are being proactive when it comes to cloud-based application and data security. 55 percent have encrypted at least half of their internal traffic. 50 percent of large enterprises have unified security policy management across hybrid deployments. -
Advanced Persistent Threats
49 percent of respondents have a security solution that can prevent Advanced Persistent Threats that use application files as breach vectors. -
Identity Applications
63 percent of respondents said they have some ability to identify apps or services operating in their public cloud. -
Ability to Enforce Policies
66 percent of respondents have some ability to enforce application-level access control policies in their public cloud. -
Control of File Movement
67 percent of respondents have some ability to see or control file movement and application flow in the public cloud environment. -
Ability to Block Malware
67 percent of respondents said they have some ability to block application flow vulnerabilities or malware in their public cloud environment. -
General Approaches to Cloud Security
Asked what general approach they have adopted for public cloud infrastructure security, respondents reported as follows: Network-based: 28%, Host-based: 17%, Application-based (WAF): 16%, Next Generation Firewall (NGFW): 17%, I don't know: 10%, None of the above: 13% -
How Do You Prevent Data Exfiltration?
To monitor and analyze in- and outbound traffic to prevent data exfiltration, respondents do the following: Monitor and analyze: 51%, No monitoring and analysis, but plan to do so within six months: 15%, No monitoring and analysis, but plan to do so 6 to 12 months from now: 11%, No plans to monitor and analyze: 23%
Most IT professionals do not fully understand the public cloud shared responsibility model for securing applications and data and may believe their cloud providers have more responsibility than they in fact do, says a new study. Responsibility for security industry standards and compliance is shared between cloud service providers, customers and partners. The provider may relieve a customer's operational burden by operating, managing and controlling the host operating system components and virtualization layer to the physical securities of the facilities. A managed service partner takes responsibility and management for the guest operating system, including updates and security patches, data protection and application software security, and configuration of the cloud provider's security group firewalls. One thousand enterprise IT professionals participated in the survey, 73 percent of whom are unclear about security responsibilities, prompting 2nd Watch's Jeff Aden, co-founder and EVP of Marketing and Strategic Business Development, to comment that "many could stand to learn more about the shared responsibility model used by the major public cloud providers."