The survey cited two main reasons security was such as top concern: First, securing access to and within public cloud environments has emerged as a relatively new discipline for IT organizations, many of which have spent decades securing apps, data and users using perimeter-based firewall approaches.
Second, security risks have increased as applications and data move from one environment to another. Some 58% of respondents said they are moving workloads and data between on-premises and public cloud environments weekly. And 82% of those surveyed also said they adopted a hybrid-cloud strategy, with at least one public-cloud service to run their internal and customer-facing applications.
When we look at the traditional model, where apps were running in a data center, there was a physical (and logical) perimeter and there was implicit trust within that perimeter, explained Vishal Jain, co-founder and CTO at Valtix. Jain said as enterprises migrate and build their apps in the hybrid cloud, there’s no real perimeter: connectivity between the apps, from internet to apps and apps to the internet is ubiquitous. The lack of visibility and control of that connectivity leads to security breaches and that explains why security ranks top-of-mind in the Cisco-451 survey.
“Enterprises need to understand that networking and security needs to follow a shared security in the hybrid cloud,” Jain said. “As enterprises move forward with hybrid cloud, they need to enable agility with security. Enterprises must take the wisdom and knowledge from the old data center paradigm, not old implementations. Lessons learned are critical — don’t ignore them in this new environment — but old tech transplants poorly. Cross-pollination will help a ton when it comes to benefitting from these lessons learned — get networking and security people cloudy, and cloud people steeped in networking and security.”
John Yun, vice president, product strategy at ColorTokens, added there’s no doubt that the supporting cloud environment adds additional security complexity. However, Yun said many of the expected complexities assume that an entirely new set of security must be overlaid on top of the cloud environment. In the case of deploying a new solution, the cost and time required to train and hire new security administrators becomes daunting. Even doubling the backend resources and budget would not suffice.
“Organizations should be aware that many security solutions have evolved greatly in recent years, in step with the increased adoption of the cloud,” Yun said. “Modern cybersecurity solutions, for example, can extend to enforce existing and already vetted security policies to the cloud, and initiatives such as the zero-trust concept can evolve. Organizations should take this opportunity to assess the appropriate tooling needed that is in sync with their cloud adoption strategy.”
Christopher Prewitt, chief technology officer at MRK Technologies, said that as the research shows, hybrid clouds are the new norm. Prewitt said there’s a real impact to investing and supporting multi-cloud from a security perspective.
“The more tools, the more environments, the more variability in any ecosystem creates risk,” Prewitt said. “Variability is often the enemy of security. The risk is largely having to be more of a security generalist for cloud rather than an expert in a particular provider. The controls are often very similar from an outcome perspective, but the configuration and deployment of controls across different cloud providers may vary."