Enterprises embracing hybrid cloud, but need better visibility and security management processes to accelerate cloud application deployment, and prevent cyberattacks and compliance violations
Most enterprises face major challenges when managing security across their hybrid enterprise networks both during and after cloud migrations, according to the new ‘Hybrid Cloud Environments: The State of Security’ survey from AlgoSec, the security policy management vendor.
The international survey of 450 senior security and network professionals reveals the insecurities around enterprises’ hybrid cloud strategies. While nearly a third (32%) plan to increase their public cloud usage in the next 12 to 18 months, the majority harbor significant concerns about cyberattacks and breaches in their hybrid environments, and encounter problems with their visibility and security management processes.
Key findings from AlgoSec’s ‘Hybrid Cloud Environments: The State of Security survey include:
- Security concerns front and center: respondents’ greatest concerns about their applications in the cloud are cyberattacks (58%) and unauthorized access (53%), followed by application outages and misconfigured cloud security controls. These concerns are hampering wider use of public clouds, with nearly 40% of respondents saying security is inhibiting further adoption of cloud platforms.
- Cloud obscures security visibility, hampers security management: the biggest security management challenges enterprises face in hybrid environments are a lack of visibility (63%) and managing security policies consistently (61%). Demonstrating compliance and managing a mix of traditional and virtual firewalls and cloud security controls were also cited as major issues. These challenges highlight the need for solutions that can manage and automate security processes holistically across both cloud and on premise networks.
- Manual cloud migration mishaps: respondents reported a range of problems when migrating applications to public clouds. 44% had difficulty managing security policies post migration, 32% had difficulty mapping application traffic flows before starting a migration project, and 30% reported their applications did not work after the cloud migration: emphasizing the need for automation solutions that can manage this highly complexprocess end-to-end to ensure migrations proceed smoothly.
- Automation benefits in hybrid clouds: 26% of respondents said they use automation to manage security in their hybrid environments, with 20% using manual processes. Enterprises that used automation said the top reasons for doing so were speed and accuracy of security changes, ability to speed up migrations to the cloud, providing audit reports and enforcing compliance, and helping to overcome staffing limitations – highlighting the security and operational benefits of automation.
“The survey clearly shows that most enterprises are driving their business transformation strategies by expanding their usage of public cloud infrastructure. But they also have significant security concerns about how they will secure and manage their increasingly hybrid environments,” said Joanne Godfrey, director of communications at AlgoSec. “As organizations increase their public cloud deployments and migrate applications, it’s essential that they have complete visibility across both their on premise and cloud networks, together with the ability to automatically and holistically manage their security policies. This enables them to better protect the business and fulfil compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model.”
Conducted in Summer 2017, the survey polled 450 C-level executives, and senior security and network professionals in organizations worldwide, from a range of industry sectors. All the companies that participated in the survey were required to have at least some of their business workloads in the cloud.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.