Cloud Security: There Is Too Much at Risk to Learn on the Job
April 15, 2021
Aaron Sherrill, Senior Research Analyst, Information Security
For most organizations, adopting cloud computing is the first step in their journey to digital transformation. As we have witnessed, the pandemic has accelerated digital transformation initiatives and the move to the cloud for organizations of every size and in every industry.
The expectations for the cloud are high. Organizations envision instantly gaining greater efficiencies, lowering costs, acquiring increased agility and flexibility, and accelerating innovation. But the road to achieving these benefits is by no means automatic – it is plagued with many obstacles, especially in the area of security.
Security is one of the greatest challenges that organizations are experiencing with cloud adoption. According to 451 Research’s Voice of the Enterprise (VotE): Cloud, Hosting & Managed Services, Workloads and Key Projects 2020 survey, information security is the primary barrier to broader implementation of the public cloud for production applications. It should be no surprise that cloud security ranks as one of the top pain points plaguing enterprises, as organizations report that cloud platformexpertise is the top skill set missing from their security teams (451 Research VotE: Information Security, Organizational Dynamics 2020).
Although cloud providers are offering an increasingly robust portfolio of security measures, tools and services, only 27% of organizations report they have experienced better security and data protection as a result of their move to the cloud. At the same time, security is the top reason that enterprises have migrated workloads out of the public cloud (451 Research VotE: Datacenters 2020).
Organizations are realizing that protecting cloud workloads and data is often more complex and challenging than they had anticipated. It is not that public clouds are more or less secure than on-premises environments, but rather that the rapid change and high complexity that public cloud introduces to a traditional IT ecosystem is surpassing the capability and scalability of many security teams. In many cases, enterprises are adopting new technologies and computing paradigms faster than security teams can adapt their skills and tools to protect these modernizations.
Shifting the traditional mindset from securing well-defined enterprise borders to protecting dynamic and ephemeral workloads can be a significant obstacle for security and IT teams to overcome. Many security teams attempt to extend tools and controls designed to protect on-premises workloads into public cloud environments. While this approach offers some benefits (e.g., for workloads that have been lifted-and-shifted to the cloud), it often fails to deliver protection for modern cloud technologies such as containers, serverless workloads and microservices.
To scale with the enterprise’s rapidly evolving digital IT ecosystem, organizations must rethink how they secure and protect data and applications, and develop a cloud-centric approach to cybersecurity. For example, most enterprises surveyed (70%) point to security as the most influential factor when determining the best execution venue or location for workloads and applications. Security has now overtaken cost, reliability and performance concerns as organizations realize the broad impact that location has on the organization’s ability to protect workloads and applications at scale.
However, developing a cloud-centric approach to cybersecurity while dealing with cloud expertise gaps, inadequate security tools, competing priorities and a rapidly evolving threat landscape can feel like trying to change the tires on a moving car. There is too much at risk to learn on the job.
Organizations are discovering that leveraging the right partner is key to achieving the business outcomes they desire and fully realizing the transformative value of the cloud. To accelerate their cloud security capabilities, over a third of organizations surveyed indicate that they plan to work with a managed service provider (MSP). For most organizations, partnering with an experienced MSP can be an effective strategy to navigate the complexities that come with cloud adoption, providing the expertise, skills and capabilities required to secure and protect workloads and data residing in any environment.
Copyright © 2021 S&P Global Market Intelligence.
The content of this artifact is for educational purposes only. 451 Research, S&P Global Market Intelligence does not endorse any companies, technologies, products, services, or solutions. Permission to reprint or distribute any content from this artifact requires the prior written approval of S&P Global Market Intelligence.