Improved agility and scalability is a top benefit for adopting cloud infrastructure, but security concerns – notably involving customer data – are the big barrier holding back deployments, according to a new report commissioned by cloud security company CloudPassage.
Exactly 100 CTOs, CSOs and other IT professionals from organizations in a variety of industries were surveyed, and 74 percent said that improved agility and scalability is the top driver for adopting cloud infrastructure.
However, 66 percent named security concerns as the primary barrier that is impeding cloud infrastructure deployments, with 50 percent stating they are very concerned about the security of customer data in the public cloud, and 34 percent stating they are somewhat concerned.
When it comes to the factors driving security concerns about customer data, 56 percent said data ownership, 51 percent said location of the data, 51 percent said shared technology/multi-tenancy, 47 percent said lack of strong access controls, and another 47 percent said virtual exploits.
Amrit Williams, CTO of CloudPassage, told SCMagazine.com in a Monday email correspondence that conventional network security solutions do not transfer well to the cloud, but focusing on solutions that enable visibility and security at the workload level can help.
“The public cloud can be just as secure as your own data center; the IAAS providers do a great job of securing the underlying infrastructure,” Williams said. “With the shared security responsibility model of cloud IAAS providers, the key is focusing on the actual instances – a.k.a workloads – themselves.”
With regard to protecting data from theft and preventing breaches, Williams said to apply all the same best practices that would be applied inside the data center, including encryption in transit and at rest, strong access controls, and multifactor authentication.
“The key is to apply comprehensive controls on the workloads you run,” Williams said. “By automated and continuous scanning of security vulnerabilities, security configuration errors and security events combined with automated isolation and orchestration of workload firewalls against malicious inside-the-perimeter East-West traffic, you can have solid, resilient building blocks against breaches.”
Also in the report, 76 percent of respondents at least somewhat agree that visibility into attacks is lacking when it comes to applying traditional, non-cloud security in cloud infrastructure environments. Williams said the key to improving visibility is through automation and orchestration.
“Every system needs consistent, continuous visibility and that can only be achieved if the tools are put in place systematically and without human intervention,” Williams said. “The providers are getting better at providing some aspects of visibility, but it's a patchwork and every IAAS provider is different. This can be mitigated by using a platform that works on any cloud, at any scale, across all IAAS providers.”