Orchestrating Security in the Cloud

Published: Friday, 18 September 2015 07:50

CloudPassage has announced the results of research indicating that lack of visibility into cloud deployments and associated provider security practices and controls is a source of major dissatisfaction amongst IT professionals. The ‘Orchestrating Security in the Cloud’ report is based on a survey sponsored by CloudPassage and administered by the nonprofit SANS Institute, which involved 485 IT professionals.

"Overall, lack of visibility into cloud provider operations and controls stands as the largest issue respondents experienced with their providers," noted report author and SANS analyst Dave Shackleford. Lack of visibility and control plays a major role in other pain points cited in the survey results, including deficient incident response support (with lack of visibility cited), selected by 48 percent of respondents; lack of virtual machine and workload visibility, selected by 46 percent; and provider-introduced vulnerabilities resulting in a breach or incident, experienced by 26 percent.

Shackleford reported that many respondents are struggling not only with cloud providers, but also with internal teams in their efforts to detect and respond to cloud-based security incidents effectively: "Although most organizations have not experienced a breach in the cloud, security teams are concerned about illicit account and data access, maintaining compliance and integrating with on-premise security controls. In addition, visibility into cloud environments remains a challenge as does implementing cloud-focused incident response and pen testing processes."

The Orchestrating Security in the Cloud survey also found that hybrid cloud architectures are now the most favoured / favoured, with 40 percent currently using them and 43 percent planning to move in that direction in the next 12 months. Private cloud implementations are the second most used at 38 percent, while only 12 percent of respondents indicated their organizations use public cloud implementations.

Other key findings include:

The survey respondents came from a mix of small and larger organizations, with 38 percent having 1,000 or fewer employees, 24 percent over 15,000 employees and the remainder having between 1,000 and 10,000 employees. IT security operations (administrators and analysts) were most highly represented in the pool of participants, with network operations, systems administration and IT management also well accounted for.