The cloud moves too fast for security say 60 percent of security pros
Cloud-based business initiatives are accelerating faster than security organizations' ability to secure them according to 60 percent of respondents to a new survey.
The study by network security company FireMon also finds that in many cases security personnel are not even included in cloud business initiatives.
Only 56 percent of respondents say that network security, security operations or security compliance teams are responsible for cloud security. In the remaining 44 percent of cases, IT/cloud teams, application owners or other teams outside the security organization are responsible for cloud security.
The relationship between DevOps and security is similarly inconsistent. 39 percent of respondents say they are using Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) models concurrently. 30.7 percent of respondents say they are part of the DevOps team, as part of the emerging DevSecOps trend. However, 30 percent indicate their relationship with DevOps is either complicated, contentious, not worth mentioning or non-existent.
Enterprises are introducing complexity into their environments by deploying multiple solutions on-premise as well as across multiple private and public clouds. The survey results show 59 percent of respondents use two or more different firewalls in their environment, with 67 percent also using two or more public cloud platforms.
More than 80 percent of respondents say they are struggling with the limitations and complexity of tools used for managing security across hybrid cloud environments. Only 28 percent say they are using tools that can work across multiple environments to manage network security.
"The results of our survey are compelling, but not surprising. In large, complex enterprise environments, budget constraints, lack of clarity around which team is responsible for cloud security, and the absence of standards for managing security across hybrid cloud environments are impairing organizations' ability to secure their cloud business initiatives," says FireMon's vice president of technology alliances Tim Woods. "This problem will only be solved with a new generation of security technologies and processes that fully integrate with DevOps and provide end-to-end visibility and continuous security and compliance across hybrid environments."
You can read more in the full report available from the FireMon site.