IT security has for quite a while been referred to as a superb motivation not to place any touchy information or significant jobs into the public cloud. In any case, as of late it is protected to say that the present circumstance has changed. Indeed, the CyberArk Global Advanced Threat Landscape Report 2019: Focus on Cloud tracked down that by far most (94%) of the 1,000 worldwide associations reviewed utilized cloud benefits here and there, shape or structure. In particular, associations frequently convey cloud administrations to help their computerized change activities.
The public cloud is likewise not just sent for low-esteem information or irrelevant resources. Maybe, it generally has touchy information and applications. For example, almost 50% of the respondents are utilizing SaaS-based business basic applications and a comparable rate utilize the public cloud for directed client information.
Yet what is surprising is that the survey revealed there existed a significant contrast between what organizations see as the major benefit derived from their use of cloud, as opposed to their understanding of who was accountable for cloud security.
The prime benefit that the organizations surveyed hoped to see from their usage of the cloud was the ability to offload security to the cloud vendor, either completely or in part. This result is potentially alarming, to say the least. Cloud vendors take responsibility for certain aspects of security when companies use their services, but they are very clear about where their clients must step in and assume accountability.
Protecting customer data remains the responsibility of the client and cannot be passed on entirely or even in part to the cloud vendor. As more and more cloud-native companies are entering the market, being in the cloud will soon be a business imperative, and those who don’t adopt it will be left behind. This creates a race to the cloud that leaves many companies putting the security question second — when it should actually be at the core of their cloud adoption strategy.
On top of this, the survey highlighted that three-quarters of respondents, perhaps blindly, entrust the security of their cloud workloads completely to the cloud vendor. At the same time, half this number realizes that this will not provide them with broad protection — and yet, they do it anyway. At this point, it is obvious that the shared security responsibility model, which is clearly communicated by major cloud vendors, is either not well-understood, or simply being completely ignored by many organizations.
Keeping up with the threat landscape
So, why are companies consistently placing the security responsibility on cloud vendors, rather than address the issue themselves? Although companies face a variety of distractions, including cloud and scalability issues, it could be down to an organization’s security culture not keeping pace with the threat landscape. A security culture requires nurturing to make it ‘sustainable’. When a security culture is ‘sustainable’, it transforms security from a one-time event into a lifecycle that generates ongoing security returns.
Without the right security culture and protection in place, many businesses and IT stakeholders are putting their applications and organizations at risk by delegating security. Indeed, business-critical applications are the engine that keeps firms running. While the adoption of cloud and SaaS means a shift in thinking is needed as these key applications are delivered or accessed from elsewhere, advantages such as reduced development costs and improved scalability must not distract from the need to keep security front and center. While they are busy successfully implementing digital transformation strategies in their businesses, they are failing to protect the costly investments that run their enterprises and keep customers coming back.
As cloud-based infrastructures become mainstream, it is essential to understand the associated security vulnerabilities and how best to secure company data and the applications that house and manage it. Such considerations cannot be left solely to the responsibility of cloud vendors, especially when they make it clear that the responsibility has to be shared. It is time for organizations to regain ownership of their cloud security strategies.