Firewall software management provider FireMon conducted research for its second annual State of Hybrid Cloud Security report. It asked 522 IT and security professionals, primarily from North America, whether hybrid cloud security is more easily managed this year than it was last year when the company performed its inaugural survey. The answer was no.
There are three main reasons that hybrid cloud security is such a challenge for enterprises:
1. Increased Complexity and Scale Due to Cloud Adoption
With, as Gartner reports, adoption of cloud-based services growing at three times the rate of other IT services, hybrid cloud security is becoming more complex. Almost half of FireMon’s survey respondents say their enterprises use two or more different public cloud platforms, and 90 percent use at least one public cloud platform. And almost 60 percent of survey respondents say that they are deploying new cloud services faster than they can adequately secure them.
When public cloud platforms are a part of the equation, FireMon found that there’s confusion over who is responsible for security. Around 20 percent of respondents who use one or more as a Service solutions say they don’t understand where security obligations lie. This breaks down into 21.8 percent of Software as a Service (SaaS), 20.7 percent of Platform as a Service (PaaS), and 18.8 percent of Infrastructure as a Service (IaaS) users.
Respondents considered the top three hybrid cloud security threats to be misconfigurations or the wrong set-up, unauthorized access, and ransomware and malware.
2. Lack of Automation
Manual hybrid cloud security processes are time-consuming and error-prone; however, one-third of those answering the FireMon survey report that they don’t manage security through automated processes. Another third use a combination of manual and automated processes.
About 30 percent of survey respondents say they use native tools to secure the hybrid environments. These tools, however, often don’t integrate with other systems and lack automation. A quarter of respondents say their biggest challenge in managing network tools across their hybrid cloud environments is a lack of a centralized view of data. Another 17 percent are challenged by the number of suites and consoles they have to maintain — with too many to easily keep up with.
These challenges are significant enough to stand in the way of cloud adoption, along with concerns over:
- Industry/regulatory/internal compliance
- Unclear or potential hidden costs
- Lack of visibility into known and unknown network assets
- Internal organization politics
3. Overburdened Security Teams
Globally security teams with ever-increasing workloads are feeling the impact of a shortage of cybersecurity professionals. Two-thirds of respondents to the FireMon survey say that their security teams consist of ten people or fewer, 45.2 percent of respondents say their security teams are made up of fewer than five people.
Moreover, 59 percent of security teams manage both on-premises network and cloud security for their organizations, 78.2 percent of respondents state that less than a quarter of their security budgets are spent on the cloud, and 44.8 percent say that less than ten percent of their budget goes to cloud security, although most expect their cloud security budgets to increase next year.
Security teams also struggle with their intra-organizational relationship with DevOps. Only a third of survey respondents say that DevOps has had a positive impact on their security operations.
Can Enterprises Possibly Be Comfortable with the Status Quo?
When FireMon looked at the data from this survey compared to last year’s, they found that the state of hybrid cloud security, due to complexity, lack of automation, and skilled security personnel shortages, hasn’t improved over the past year. Businesses and organizations will surely be open to solutions that can relieve those burdens and pave the way to a smoother transition to the cloud.