Censys: The World of Attack Surface Management
Cloud adoption in the enterprise is increasing, but many companies are struggling to secure these new initiatives. This is according to FireMon, which recently announced the results of its State of Hybrid Cloud Security Survey in a press release.
Overall, the survey polled over 400 information security professionals in order to gauge the challenges associated with hybrid cloud initiatives. Ranging from operations to C-level execs, respondents provided information on their practices in regards to maintaining network security.
Cloud security challenges
60% of the respondents agreed that their cloud-based initiatives are accelerating faster than their security efforts. In fact, the survey also revealed that security personnel were completely absent from some cloud business initiatives.
In addition to this, just 56% said that network security, security operations or security compliance teams are responsible for cloud security. For the remainder of respondents, IT/cloud teams, application owners or other teams outside the security organisation are responsible.
The relationship between security and DevOps is also inconsistent across organisations. As a result, this can reportedly impact the consistency of cloud security controls as more companies implement "as-a-Service" cloud models.
DevOps and security issues
In some cases, DevOps and security operated in an aligned fashion. However, 39% of respondents said they are using Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Software (SaaS) models simultaneously.
Over 30% of respondents also indicated that they are part of the DevOps team. Nevertheless, 30% reportedly had a complicated, contentious, or non-existent relationship with DevOps.
"The results of our survey are compelling, but not surprising. In large, complex enterprise environments, budget constraints, lack of clarity around which team is responsible for cloud security, and the absence of standards for managing security across hybrid cloud environments are impairing organisations’ ability to secure their cloud business initiatives,” said FireMon Vice President of Technology Alliances Tim Woods.
As Woods points out, "a new generation of security technologies and processes" are integral to solving the issue. This also involves integrating these technologies with DevOps, providing end-to-end visibility, continuous security and compliance across hybrid environments.
How can cloud-based projects benefit your business? Take a look at the Top 10 companies innovating with the cloud for inspiration