Traditional Security Is Ineffective in the CloudBy Samuel Greengard | Posted 05-19-2016
Within the span of a few short years, cloud computing has rolled through the enterprise. According to RnRMarketResearch.com, the global cloud market will exceed $250 billion by 2020 and there appears to be no end to the growth.
It's clear that clouds are radically changing the way business and IT functions take place. They're introducing opportunities that would have been unimaginable with legacy IT infrastructures. Yet organizations are struggling to manage the change.
"As organizations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what's available in traditional IT infrastructures. However, they are finding traditional security tools ineffective in the cloud," said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn.
A new report from Crowd Research Partners, Cloud Security: 2016 Spotlight Report, highlights some of these challenges. Among the key findings:
*Security concerns top the list of barriers to cloud adoption led by general security concerns (53 percent, up from 45 percent last year), legal and regulatory compliance concerns (42 percent, up from 29 percent), and data loss and leakage risks (40 percent). The rise in specific concerns about compliance and integration suggests that companies are accelerating implementations.
*Unauthorized access through misuse of employee credentials and improper access controls is the single biggest threat (53 percent) to cloud security. This is followed by hijacking of accounts (44 percent) and insecure interfaces/APIs (39 percent). One in three organizations say external sharing of sensitive information is the biggest security threat.
*The vast majority (84 percent) of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure. Respondents say traditional network security tools are somewhat ineffective (48 percent), completely ineffective (11 percent), or can't be measured for effectiveness (25 percent) in cloud environments.
*The top three security headaches for organizations moving to the cloud include the following use cases: verifying security policies (51 percent), visibility (49 percent), and compliance (37 percent). These results suggest that companies are further along in implementation of cloud models compared with last year and they are looking for security solutions that enhance the capabilities provided by service providers.
*Organizations migrating to the cloud have a variety of ways to to strengthen cloud security. 61% of organizations plan to train and certify existing IT staff, 45% partner with a managed security services provider, and 42% deploy additional security software to protect data and applications in the cloud.
Amid all the changes—including clouds and APIs that interconnect with other organizations—CIOs. CSOs, CISOs and others involved with cyber-security must fundamentally rethink how to safeguard systems and data. There is no perimeter.