Story image

Cloud misconceptions aplenty in 2018 – Here’s a rundown

23 Mar 18

Given cloud’s meteoric rise into mainstream it’s no surprise that there are a few misunderstandings surrounding its ins and outs.

Barracuda Networks public cloud EMEA director Chris Hill says these days most organisations regardless of size use it to a certain extent. Despite this, misconceptions remain about the technology – particularly on security.

To garner some deeper insights into the situation, Barracuda conducted global research in February 2018. As part of this, 164 respondents in EMEA were asked about their experiences and attitudes when it comes to security in the cloud. Some of the main findings included:

People still believe on-premises security is better than cloud

57 percent of respondents stated their on-premises security as superior to cloud.

“However, using security tools specifically designed for the public cloud can actually make a business more secure than they were when they operated purely on-premises,” says Hill.

“What was promising was that the shared security model was largely well known by respondents, with 71 percent expecting cloud security to be a responsibility that’s shared with cloud vendors. Just 19 percent think cloud vendors are solely responsible.”

The cloud is redefining the role of the firewall

The vast majority (82 percent) have concerns about deploying firewalls in the cloud, with 41 percent citing ‘pricing and licensing not appropriate for the cloud’, and 39 percent naming ‘no centralised management creating a significant overhead’ as their top two concerns.

“Other concerns included next generation firewalls simply not being practical for cloud environments and the lack of integration with native security tolls from cloud vendors,” says Hill.

“Interestingly, organisations seem to find value in cloud-specific security features, with 95 percent saying cloud-specific firewall capabilities would help them. 71 percent cite the most beneficial quality as ‘integration with cloud management, monitoring, and automation capabilities,’ and 59 percent cite being ‘easy to deploy and configure by cloud developers’ as the second most beneficial capability.”

Traditional security remains a bottleneck for DevOps

58 percent have adopted DevOps, DevSecOps, continuous integration and continuous deployment (CI/CD) methodologies. In terms of regions, EMEA was slightly in front of the US on 53 percent and behind APAC with 63 percent.

“Of the organisations that have adopted, 95 percent have faced challenges integrating security into those practices,” says Hill.

“The top challenge reported was ‘limitations with existing security solutions’. Security processes not being changed was also voted as a high scorer.”

Moving forward

Hill says the technology has evolved and now it’s our turn.

“We’re continuing to see questions and concerns around how organisations should be approaching security along with their cloud deployments, especially from larger companies. There still seems to be a lack of understanding in cloud security, and a misplaced belief that on-premises security is a lot stronger,” says Hill.

“One thing is for sure: as the move to cloud only increases in pace, for organisations that are used to operating under traditional data centre architecture, moving to the cloud will require a new way of thinking when they approach security.”

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t.