Story image

Cloud misconceptions aplenty in 2018 – Here’s a rundown

23 Mar 2018

Given cloud’s meteoric rise into mainstream it’s no surprise that there are a few misunderstandings surrounding its ins and outs.

Barracuda Networks public cloud EMEA director Chris Hill says these days most organisations regardless of size use it to a certain extent. Despite this, misconceptions remain about the technology – particularly on security.

To garner some deeper insights into the situation, Barracuda conducted global research in February 2018. As part of this, 164 respondents in EMEA were asked about their experiences and attitudes when it comes to security in the cloud. Some of the main findings included:

People still believe on-premises security is better than cloud

57 percent of respondents stated their on-premises security as superior to cloud.

“However, using security tools specifically designed for the public cloud can actually make a business more secure than they were when they operated purely on-premises,” says Hill.

“What was promising was that the shared security model was largely well known by respondents, with 71 percent expecting cloud security to be a responsibility that’s shared with cloud vendors. Just 19 percent think cloud vendors are solely responsible.”

The cloud is redefining the role of the firewall

The vast majority (82 percent) have concerns about deploying firewalls in the cloud, with 41 percent citing ‘pricing and licensing not appropriate for the cloud’, and 39 percent naming ‘no centralised management creating a significant overhead’ as their top two concerns.

“Other concerns included next generation firewalls simply not being practical for cloud environments and the lack of integration with native security tolls from cloud vendors,” says Hill.

“Interestingly, organisations seem to find value in cloud-specific security features, with 95 percent saying cloud-specific firewall capabilities would help them. 71 percent cite the most beneficial quality as ‘integration with cloud management, monitoring, and automation capabilities,’ and 59 percent cite being ‘easy to deploy and configure by cloud developers’ as the second most beneficial capability.”

Traditional security remains a bottleneck for DevOps

58 percent have adopted DevOps, DevSecOps, continuous integration and continuous deployment (CI/CD) methodologies. In terms of regions, EMEA was slightly in front of the US on 53 percent and behind APAC with 63 percent.

“Of the organisations that have adopted, 95 percent have faced challenges integrating security into those practices,” says Hill.

“The top challenge reported was ‘limitations with existing security solutions’. Security processes not being changed was also voted as a high scorer.”

Moving forward

Hill says the technology has evolved and now it’s our turn.

“We’re continuing to see questions and concerns around how organisations should be approaching security along with their cloud deployments, especially from larger companies. There still seems to be a lack of understanding in cloud security, and a misplaced belief that on-premises security is a lot stronger,” says Hill.

“One thing is for sure: as the move to cloud only increases in pace, for organisations that are used to operating under traditional data centre architecture, moving to the cloud will require a new way of thinking when they approach security.”

Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.