Cloud Security Practices Are Trailing Cloud Operations


When migrating to – and operating in – the cloud, key considerations for every company are cloud security, compliance, reliability and costs. The benefits of moving business applications into the cloud are very clear. These include efficiencies, scalability and flexibility. However, the cloud also comes with its own unique challenges.  In a cloud-first world the security and privacy landscape are different.  Migration, implementation and integrations don’t always go smoothly, and misconfigurations can result in security issues.

Cloud Security And Compliance Are Top Concerns

Security becomes a bigger priority as organizations progress from cloud migration to cloud operations.  Enterprise cloud adopters are facing challenges with security and compliance, especially in hybrid environments where they have workloads in one or more clouds.

Virtual network security solutions provider, Ixia, recently surveyed IT professionals responsible for their company’s public and private cloud environments to identify their top concerns about managing cloud operations. Security and compliance are viewed as a top priority for IT pros with 93 percent of those surveyed indicating concern about data and applications security in the cloud.

Cloud Adoption On The Rise

Both public and private cloud adoption grew in 2018, with larger enterprises increasing their focus on public cloud, according to RightScale in its seventh annual State of the Cloud Survey.  Azure has grown rapidly among enterprise users and is now a close second behind AWS.  Companies appear to favor public cloud over private cloud with the number of respondents now adopting public cloud at 92 percent while the number of respondents now adopting private cloud is 75 percent.

A Multi-Cloud Strategy

The majority of enterprises (81 percent) have adopted a multi-cloud strategy, according to RightScale, with an increasing preference for multiple public clouds or multiple private clouds over a hybrid strategy. Enterprises with a hybrid strategy (combining public and private clouds) fell from 58 percent in 2017 to 51 percent in 2018.

Security Challenges In The Cloud

The cloud has significantly impacted the way IT teams approach security.  Security teams are striving to meet security challenges and address their top priorities of securing data and applications in the public cloud, all while satisfying compliance requirements. Some of these security challenges included limited visibility and insight, an expanding attack surface and a lag between cloud adoption and cloud security best practices.

Visibility In The Cloud

Encryption contributing to lack of visibility is driving public cloud security risks. Over half of all web traffic encrypted, but while this encryption offers security for businesses and customers, it also poses a security challenge as hackers are also using encryption to hide malicious traffic.  This is why complete visibility is needed that combines continuous inspection with multi-layered security tailored to the application environment.

Expanding Surface Of Attack

With an increase in cloud adoption, mobility, end-points, and explosive growth in the IoT comes a corresponding increase in attack surface.  While the motivations of threat actors change, their primary driver is still a payday.  As long as there continues to be financial incentives, enterprises will continue to be targeted and challenged by cybercriminals.  Businesses that fail to manage their digital risks are leaving their enterprise organizations wide open to potentially devastating consequences.

Growing Gap Between Cloud Operations And Cloud Security

With an uptick in cloud adoption and a high incidence of security misconfigurations, breaches where cloud is a factor are likely to continue as a trend in 2018. According to Ixia, research suggests cloud data breaches are up nearly 45% year over year. In another survey it was reported that nearly three quarters of companies studied had one or more serious security misconfigurations on AWS3.

While cloud adoption is now mainstream among companies, it would seem there is a significant lag when it comes to securing these cloud operations.

The Need For A Multi-Layered Security Approach

IT leaders are turning to a multi-layer security approach to combat the challenges of the constantly growing attack surface.  Firewalls and intrusion prevention can only go so far in protecting against attacks. Enterprises have to move beyond the traditional perimeter model of security.

In order to reduce the risk of potential data and privacy breaches, reputation damage and major disruption to business operations, companies need to address the challenges of visibility, multi-layer security, and management of public, private, and hybrid cloud resources. Meaningful security analysis, proactive threat hunting and detection solutions that use granular, network packet data to identify multilayer exploits and contain attackers is the new standard in security best practice.

In this cloud-centric world continuous visibility and a layered security is must. If you would like to learn more about how to achieve a multi-layered enterprise security posture, contact Ascension Global Technology.  Whether it is in relation to cloud migration, multi-cloud integration or improving visibility in your cloud environments, our friendly team will help improve your security performance and posture.


Ixia 2018 Security Report
Cloud Computing Trends: 2018 State of the Cloud Survey

Gain insights with more visibility in the cloud

Contact Ascension Global Technology to learn more about strategies for securing your cloud data and applications across your cloud environments.

Related Posts

Leave a Reply

About Us

"AGT" offers complete end-to-end security protection through technology tools, cybersecurity strategy, consulting, and project management services. From addressing specific security gaps to a full environment cybersecurity strategy. With services designed to improve any organization’s overall organizational security posture, AGT develops strategies to implement and deploy successful cybersecurity solutions to protect companies from data and financial loss.