Cloud services, now more than ever, are considered the norm. According to a survey we conducted with ESG, 91% of organizations are actively using cloud-based infrastructure-as-a-service (IaaS) and/or platform-as-a-service (PaaS) as part of their IT strategy. Yet, more than two-thirds - 69% - of the 150 CISOs and senior network administrators we surveyed agreed that their organizations are still learning how to apply security policies to public/private cloud infrastructure. When you consider the growing cyber threats and the potential impact of cyber attacks that were not contained properly, I'd say there's a problem.
Entitled Cloud Computing and Network Security Operations Transformation, the survey's goal was to gain a better understanding of these professionals' plans for adopting software-defined networking, private cloud and public cloud, and how these plans impact network security oprations. What we found was that, while enterprises have plans to adopt additional SDN and cloud platfroms, infosec teams aren't adequately prepared for this transformation.
So, what does this mean for enterprise IT security professionals as they try to manage security policies to contain cyber attacks? For starters, there's a clear need for greater visibility, control, and automation.
Moving Up into the Cloud
There was no surprise in the results around rapid adoption of cloud and SDN technologies at enterprise organizations. We also found that enterprises are using, or plan to use, more than one public cloud vendor, as well as multiple SDN platforms. The proliferation of cloud platforms and technologies will have a direct impact on the challenges of network security operations.
Based on the results, the top three factors making network security operations more difficult today compared to two years ago are:
- Having more devices (55%)
- Having more types of networking and security technologies (52%)
- Deploying numerous new applications (50%)
These difficulties will be exacerbated by the adoption of multiple cloud platforms, making network security operations nearly impossible to manage.
Security and the Cloud
The majority of respondents confirmed multiple challenges around managing security policies of public/private cloud platforms:
- 69% strongly agreed or agreed that the organization is still learning how to apply its security policies to public/private cloud infrastructure
- 62% strongly agreed or agreed that it is difficult to get the same visibility into cloud-based workloads as they have in their physical network
- 56% strongly agreed or agreed that current network security operations and processes lack the right level of orchestration and automation needed for the cloud
- 56% strongly agreed or agreed that it is difficult to audit network security controls in the cloud
Cloud security is a shared responsibility between cloud vendors and customers. Considering that security teams are responsible for defining the right security levels for their resources in the cloud, not being able to apply and audit security policies in the cloud is a major concern.
Security Skills and Operations Are Lacking
The truth is ugly: cloud security skills are not where they should be. In fact, 49% of organizations currently operating a private cloud, using public cloud services, or both, don't feel the security team has the right level of cloud computing skills to provide the same types of network security controls and management as it does physical infrastructure.
Between the shortage of skilled staff and the complexity of the heterogeneous network, security policy orchestration and automation is becoming increasingly important. While 85% of survey respondents agree with the importance of automation, only 23% of those organizations feel confident in their current level of cloud orchestration. In short, the CISOs we surveyed understand the benefits of automation and orchestration, but aren't using it.
Preparation is Key: Are You Ready?
If managing network security policies has been challenging until now, this new research confirms that the adoption of cloud is about to make it nearly impossible to ensure security and compliance of heterogeneous networks without the right tools. So, be prepared and get ready with a central management console for visibility, control and orchestration of security policies across physical networks and hybrid cloud platforms.
Click here to learn more about this new research and share your views and comments with us below.