Story image

Cloud workloads at risk from security, management and compliance failings – research

10 Jan 2018

Security, management and compliance challenges are impacting the benefits businesses are receiving from using the cloud as their infrastructures become more complex, new research from WinMagic has found.

39% reported their infrastructure was more complex since using the cloud, and 53% spend more time on management tasks than they have done previously.

Falling short on securing the cloud

98% of the 1,029 IT decision-maker respondents reported using the cloud, with an average 50% of their infrastructure up in the sky.

Over one-third (33%) of respondents reported that data is only partially encrypted in the cloud, and 39% admitted to not having unbroken security audit trails across virtual machines in the cloud, leaving them exposed. 

Asked about their top three concerns on future workloads in the cloud, 58% reported security as their top concern, followed by protecting sensitive data from unauthorised access (55%) and the increased complexity of infrastructure (44%).

On average companies had to use three encryption solutions to protect data across the cloud and on-premises infrastructure, illustrating one of the main ways this complexity emerges.

Compliance confusion

Responsibility for the regulatory compliance of data is a significant area of confusion, with only 39% considering themselves ultimately responsible for the compliance of data stored on cloud services.

Worryingly, 20% believe it is solely the responsibility of the cloud service provider, whilst a further 20% believed they were covered by their cloud service provider’s SLA.

Further, only a quarter (25%) of respondents have automated tools to ensure compliance rules are not broken.

New legislation, such as the EU General Data Protection Regulation which comes into enforcement in May 2018, will see companies required to carefully manage the encryption, storage, use and sharing of personally identifiable information.

As some people know by now, failure to comply can result in fines equivalent to 4% of annual turnover or €20m, whichever is the greater.

Companies should already have an appointed Data Protection Officer, to ensure compliance and mitigate risks. 

“The stakes for companies were already high, with data breaches increasing in frequency and scale,” says WinMagic chief operating officer Mark Hickman.

“EU GDPR reinforces the care that must be taken with data. The simple fact is that businesses must get the controls in place to manage their data, including taking the strategic decision that anything they would not want to see in the public domain, must be encrypted.”

Management tasks are frustrating IT teams

Expanding infrastructure into the cloud has come at a cost for the majority of companies, with a greater burden on IT teams.

Over half (55%) reported needing to use more management tools since migrating workloads to the cloud, sometimes needing multiple tools for the same task.

Over half (53%) reported spending more time on management tasks than ever before. Asked what they would use the time saved on management tasks for they said:

  • IT projects needed to support the business (50%)
  • Accelerate projects that are currently stalling (42%)
  • Improving security (36%)

Hickman adds, “At its heart, using heterogeneous cloud environments is making it harder for businesses to manage security and compliance, leaving staff firefighting rather than focusing on new projects that will benefit their businesses.

“Companies need to think about choosing management tools that are cloud agnostic, and remove complexity.”

Five things MSPs need to keep in mind in 2019
A Datto APAC channel exec outlines the most important factors for MSP to being paying attention to in the coming year.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nozomi and RIoT to deliver advanced ICS security solutions to Australia
''As a specialised integrator of robust and resilient ICT and IoT solutions within Australia, we are delighted to be partnering with Nozomi Networks."
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.