The second part in Aptum’s four-part Cloud Impact series – The Security and Compliance Barricade – cross-examines privacy and security concerns of organizations and takes a deep dive into the common defence, compliance, and governance challenges affecting them as they digitally transform.
Security as a driver
In recent years, the following message has been promoted: user data is safer in cloud infrastructures than in on-premise environments. This claim has been validated by 91 percent of Aptum’s respondents reporting a high degree of success in improving their security when migrating to the cloud, and an impressive 42 percent see complete success.
While early adopters of cloud infrastructure may have had legitimate concerns over cloud security; those days are long gone. Investment in cloud security policies has made it almost impossible for an on-premise solution to be as secure and resilient as a cloud solution. Now organizations can leverage the immense physical security of a cloud provider’s data centers as well as the ability to control governance and access from the point of cloud deployment. In addition to this, organizations now have access to enhanced managed security services such as Web Application Firewalls (WAFs) and Managed Detection and Response (MDR) that managed service providers build into cloud deployments.
With those comprehensive services in mind, it is easy to see why over half of all survey respondents (51 percent) list security as a business driver for their investment in cloud services.
Security as a barricade
While cloud computing has improved the overall standard of enterprise security, cloud transformation has exposed new challenges. Part one of Aptum’s Cloud Impact Study, Bridging the Cloud Gap, found that respondents are increasingly taking a hybridized approach to their cloud set up. The shift is explained by the need to offer more flexible working options, strengthen business continuity plans and generally bolster agility.
As a result, the top three challenges that respondents cite as barriers to security, governance and compliance are commonly associated with the management, or mismanagement, of more complex infrastructures:
- 85 percent of respondents cite a lack of a clear mechanism to detect and respond to threats across all cloud environments
- 82 percent of respondents cite access management to multiple cloud environments
- 81 percent of respondents cite a lack of visibility into all cloud environments through a single portal
The move towards a hybrid approach to cloud leaves organizations with systems distributed across traditional and private cloud environments. As cyber criminals move to faster, more frequent attacks, the need to eradicate any security blind spots across all environments is of the utmost importance.
But it can be a challenge to manage and have visibility into a cloud environment that abstracts data and applications away from the hardware. A multi-cloud environment only exacerbates this problem. For IT teams ill-prepared to manage an array of new ecosystems, more problems could be created than solved without the right tooling strategy.
Taking a strategic approach
For the most part, organizations are successful in utilizing the cloud to secure their data, but complexity stops many of them from fulfilling all of their security and data governance goals. So, how can they solve their complexity problems to unlock the full security benefits of a cloud environment?
Security should be a priority at all stages of the cloud transformation process, from initial concept through design, implementation, and ongoing operation. Taking a comprehensive approach to cloud computing, where security principles are embedded in the designs, will help organizations understand the tools they need in place to ensure visibility and control over all their workloads, whether they be in public or private cloud environments.
*Aptum commissioned research company, Vanson Bourne, to survey 400 executives in the US, Canada, and the UK. They spanned business unit heads (58 percent), business leaders (22 percent), and departmental managers (21 percent). across industries including IT, financial services, professional services, manufacturing, retail, and the public sector. Business sizes ranged from 500 employees upwards.