SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Organisations take cloud-first approach to security, though concerns remain
Tue, 31st Mar 2020
FYI, this story is more than a year old

Despite the fact that adoption for cloud security tools is on the rise, concerns remain around risk and ease of deployment.

This is based on research by Exabeam, the Smart SIEM company. The security practitioner survey focuses on security tools and cloud, highlighting that data privacy, unauthorised access, server outages and integration are key concerns.

According to the study, 52% of respondents began migrating to cloud based security products during or before 2018, with 18% waiting until 2019 and 3% starting in 2020. Finally 13% haven't started this process and the remainder don't know when they will migrate tools.

Of those that have commenced migration, 58% have migrated at least one quarter of security tools to the cloud, and one third have migrated 50% of security tools to the cloud.

According to Exabeam, one of the top reasons enterprises are moving security tools to the cloud is to minimise resources and overhead associated with owning and maintaining on-premises equipment and software.

As a result, security teams can avoid system sizing, maintenance, uptime management, and product upgrades.

Furthermore, reducing engineering effort to deploy and maintain new solutions allows security analysts to complete tasks faster and frees engineers up to focus on other projects, Exabeam states.

The survey shows that moving to the cloud results in improvements in monitoring and tracking of attacks (29%) and reduced maintenance (22%).

In addition, CAPEX reductions (18%), faster time to value (17%) and access to the latest features (13%) are benefits of making security tools cloud based.

When it comes to concerns, data privacy (30%) was the top of the list, with unauthorised access (16%), server outages (14%), integration with other security tools (14%), and data sovereignty (13%) also being raised.

Exabeam's survey also looked at why organisations are resistant to migrating to the cloud. The results suggest this largely comes down to a lack of understanding about the migration issue as a whole.

Around a third (32%) of respondents said they did not know what concerns their organisation has about moving security tools to the cloud.

Furthermore, despite about a third (32%) of respondents saying they consider it to be too difficult or too risky to migrate security tools to the cloud, nearly half said their preference is to migrate legacy products to the cloud (46%) rather than replace legacy on-premise products with new cloud-native security tools (54%).

As for the cloud based security tools utilised, Exabeam's survey finds organisations are protecting a variety of data types with cloud-based security tools, with email the most widely protected (22%), followed by customer information (21%), file-sharing (20%) and personnel files (18%).

However, few organisations (12%) have extended cloud-based security to protecting corporate financial information.

Exabeam security strategist Sam Humphries says, “As organisations modernise their security operations, SaaS solutions are increasingly becoming the deployment model of choice.

"While the results of this survey show that some security professionals still have concerns, having visibility into cloud services is vital and many organisations are now taking a cloud-first approach to security.

Humphries says, “We can expect more organisations to migrate their security tools to the cloud this year as security professionals increasingly see the benefits of hosted cloud offerings, which provide the full functionality of traditional on-premise solutions.

"Added benefits include reduced cost and maintenance issues, as well as eliminating the need to route cloud data to on-premises data centers.