Story image

Cloud misconceptions aplenty in 2018 – Here’s a rundown

23 Mar 18

Given cloud’s meteoric rise into mainstream it’s no surprise that there are a few misunderstandings surrounding its ins and outs.

Barracuda Networks public cloud EMEA director Chris Hill says these days most organisations regardless of size use it to a certain extent. Despite this, misconceptions remain about the technology – particularly on security.

To garner some deeper insights into the situation, Barracuda conducted global research in February 2018. As part of this, 164 respondents in EMEA were asked about their experiences and attitudes when it comes to security in the cloud. Some of the main findings included:

People still believe on-premises security is better than cloud

57 percent of respondents stated their on-premises security as superior to cloud.

“However, using security tools specifically designed for the public cloud can actually make a business more secure than they were when they operated purely on-premises,” says Hill.

“What was promising was that the shared security model was largely well known by respondents, with 71 percent expecting cloud security to be a responsibility that’s shared with cloud vendors. Just 19 percent think cloud vendors are solely responsible.”

The cloud is redefining the role of the firewall

The vast majority (82 percent) have concerns about deploying firewalls in the cloud, with 41 percent citing ‘pricing and licensing not appropriate for the cloud’, and 39 percent naming ‘no centralised management creating a significant overhead’ as their top two concerns.

“Other concerns included next generation firewalls simply not being practical for cloud environments and the lack of integration with native security tolls from cloud vendors,” says Hill.

“Interestingly, organisations seem to find value in cloud-specific security features, with 95 percent saying cloud-specific firewall capabilities would help them. 71 percent cite the most beneficial quality as ‘integration with cloud management, monitoring, and automation capabilities,’ and 59 percent cite being ‘easy to deploy and configure by cloud developers’ as the second most beneficial capability.”

Traditional security remains a bottleneck for DevOps

58 percent have adopted DevOps, DevSecOps, continuous integration and continuous deployment (CI/CD) methodologies. In terms of regions, EMEA was slightly in front of the US on 53 percent and behind APAC with 63 percent.

“Of the organisations that have adopted, 95 percent have faced challenges integrating security into those practices,” says Hill.

“The top challenge reported was ‘limitations with existing security solutions’. Security processes not being changed was also voted as a high scorer.”

Moving forward

Hill says the technology has evolved and now it’s our turn.

“We’re continuing to see questions and concerns around how organisations should be approaching security along with their cloud deployments, especially from larger companies. There still seems to be a lack of understanding in cloud security, and a misplaced belief that on-premises security is a lot stronger,” says Hill.

“One thing is for sure: as the move to cloud only increases in pace, for organisations that are used to operating under traditional data centre architecture, moving to the cloud will require a new way of thinking when they approach security.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.