Backup Collaboration Mobile Security Storage Strategy Virtualisation

Compliance: the buck stops here

Article Type: Opinion          Published: 09-2016         Views: 1218      



Monica Brink of iland looks at why compliance and security are still the main blockers to cloud adoption, and how nine out of ten security professionals worry about cloud security.

According to the Cloud Industry Forum, 80% of UK companies are adopting cloud technology as a key part of their overall IT and business strategy. However, one of the perceived barriers to cloud adoption continues to be security/compliance.

One of the key aspects that we've found here at iland - borne out in a survey around cloud security that we conducted earlier in the year with independent analyst firm Enterprise Management Associates (EMA) - is that companies actually now consider cloud security to be superior to on-premise environments, but often expose themselves to risk by blindly relying on a glut of technology they are unable to actively manage.

Our survey found that 47% of security personnel admitted to simply trusting their cloud providers to meet security agreements without further verification. This highlighted that transparency continues to be a key issue, as many providers do not offer detailed insights into the cloud environment. Or, if they do, this is certainly not up to the same levels customers are accustomed to in their own data centre operations. At the same time, we also found that teams tend to throw technology at the problem; however tech alone will not solve the problem. Again, the survey showed that 48 percent more security technologies are deployed in the cloud than on-premise.

Furthermore, security features now top the list of priorities companies consider when selecting a cloud provider ahead of performance, reliability, management tools and cost. Therefore, our advice to companies is that it is really important firstly to verify your cloud provider's claims and, secondly, to ensure that you can properly leverage the technology that you are deploying.

One of the key problems that accentuate security issues appears to be around skills and staffing shortages. In fact 68% of organisations polled admitted that they have staffing shortages and 34% have skills shortages. While IT has made monumental progress in identifying and adopting necessary security technologies, cloud providers must do more to ensure teams can easily validate claims, manage disparate tools, anticipate threats and take action when needed.

Further, we can see there is a lack of understanding of compliance among IT personnel. While 96% of security professionals acknowledge that their organisations have compliance related workloads in the cloud, only 69% of IT teams identified the same. This gap could lead to exposures for the organisation if IT were to place a compliance-related workload into a non-compliant cloud provider.

And, finally, clearly defined responsibilities are needed both with your cloud service provider and within your own company, as clearly, where security is concerned the buck stops with you: there is no point claiming that you thought someone else had it covered. This is where DevSecOps comes in as the next evolution of DevOps whereby you make security the responsibility of every member of the team, at every step of the way, right from dev through to ops.

Right now and for the foreseeable future cloud adoption sees no sign of abating. Therefore, it is critical that we get security and compliance right. Otherwise it will continue to be a blocker for organisations and could hinder innovation and competitive advantage.
More info:

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top

PREVIOUS ARTICLE