Difficulty extending corporate security policy to the public cloud is an issue for more than half of respondents currently using a public IaaS platform.
Difficulty extending corporate security policy to the public cloud is an issue for more than half of respondents currently using a public IaaS platform.

Noting several organizations deploying or soon planning to deploy business applications on an infrastructure-as-a-service (IaaS) platform, network security policy management company AlgoSec surveyed 363 IT professionals to discover some of the challenges involved with securing a hybrid cloud environment.

A hybrid cloud environment is when an organization has an on-premise data center, which may be virtualized to some extent, but also contains some infrastructure and applications that are in the public cloud, Nimmy Reichenberg, VP of marketing and strategy at AlgoSec, told SCMagazine.com on Wednesday.

Elasticity, cost savings, and business agility, are some of the reasons why organizations may choose to adopt a hybrid cloud environment, but problems arise for traditional enterprises that do not know how to manage network security in the cloud and have no solutions that provide visibility and manageability with regard to security policies, Reichenberg said.

Difficulty extending corporate security policy to the public cloud is an issue for 54 percent of respondents currently using a public IaaS platform, and 62 percent of respondents found that network policy management in the public cloud is more complex than traditional data centers, the survey indicates.

Of respondents planning to deploy business applications on a public IaaS platform, 75 percent are concerned about extending corporate policies and 83 percent are concerned about having visibility across platforms, according to the survey.

However, those difficulties and concerns are not stopping adoption – 29 percent of respondents have already deployed business applications in a public IaaS and 37 percent expect to migrate business applications to a public IaaS within three years, the survey indicates.

Regarding the IaaS network security arena, 33 percent of respondents rely on commercial firewalls, 25 percent lean on provider controls and 10 percent use host-based firewalls – 28 percent do not know and four percent do not set a policy, according to the survey.

“In the traditional data center, what manages network access is the firewall,” Reichenberg said. “The cloud is a new platform. There's new security controls. The firewall does not rule the cloud yet. It makes it more challenging to manage the hybrid environment [and] to get visibility in the hybrid environment.”

So whose duty is it to manage security policies for public IaaS platforms? 70 percent of respondents working for organizations with 500 or fewer employees reported public cloud security being tasked to the IT Operations team, while 72 percent of respondents with larger companies reported the Information Security team being given the job, the survey indicates.

As far as the most challenging security function to migrate to the public cloud, 31 percent of respondents said data security and 24 percent said network security, according to the survey, which also reveals that Amazon Web Services (53 percent) and Microsoft Azure (44 percent) are public the IaaS platform leaders.