On-premise vs cloud – which rates as more secure?
- 02 May, 2018 14:37
In a world increasingly driven by cloud-based digital transformation, cybersecurity remains a stubborn roadblock. Although organisations increasingly understand their responsibilities, they’ve yet to take advantage of the native and cloud-ready security tools available to them.
That’s why 56 percent of organisations believe their on-premise security is superior to their cloud set-up, according to a recent survey sponsored by Barracuda. This must change if organisations want to unlock true value from the cloud.
The DevOps journey
We all know why organisations are migrating more of their workloads to public cloud environments. To be competitive in an increasingly unforgiving marketplace, development teams must be given the right tools to respond quickly and with agility to changing business demands.
Emerging container and serverless computing platforms like those offered by Docker, Kubernetes and AWS Lambda can provide the kind of IT agility developers are increasingly demanding to power DevOps initiatives. Containers are virtualised at the operating system (OS) layer, meaning they start quicker and use less memory than virtual machines.
Unfortunately, while cloud environments offer many advantages to the modern enterprise, they also create additional complexity, which in turn opens up security gaps. Virtual machines and workloads can be updated to deliver vital security patches, but a container must effectively be replaced to receive them.
The sheer number of containers running in your environment may mean some get overlooked. Recent reports indicate that hackers are exploiting unprotected containers to install crypto-mining malware, for example.
These aren’t the only security challenges coming from the cloud, of course. User access control is another big one. When creating new identities and access policies, many organisations grant users too many privileges, set overly loose group policies or misconfigure systems. This exposes them to the risk of compromise or accidental data exposure. Verizon and Accenture are two highly publicised examples from the last year, in which misconfigured systems put millions of customers at risk.
A shared responsibility
The good news is that understanding of cloud security seems to have advanced over the past year. When polled in 2017, the vast majority of IT leaders believed that their public IaaS provider was responsible for securing customer data, applications and operating systems. But the latest Barracuda survey reveals that 76 percent of global organisations believe cloud security to be a shared responsibility.
The concerning part is that there appears to be a disconnect between the tools and technologies available to organisations and their awareness of those tools. The truth is that cloud-ready tools exist right now to help organisations secure traffic flows between on-premise and cloud environments; protect workloads in the cloud; and enforce policies seamlessly across environments.
Other native tools offered by public cloud providers include: automated security assessment service Amazon Inspector; IP traffic monitor Amazon VPC Flow; unified security management and threat protection service Azure Security Center; and remote network monitoring service Azure Network Watcher.
Cloud-ready next-generation firewalls are also available to lock down risk and provide a more secure foundation on which to build digital transformation efforts. Yet, according to the survey, just over a third of global firms have deployed them, despite the majority using next-generation firewalls on-premise.
Features like integration with cloud-native capabilities, simple deployment and configuration by DevOps teams, and distributed policy enforcement were all sought after by survey respondents. They all exist today.
The good news is that half plan on deploying such tools in the future. But we need that figure to rise further if we want to drive improvements in cloud security across the board.
Mark Lukie is a senior sales engineer for Australia and New Zealand at Barracuda Networks. He has over 16 years’ experience in networking, security, backup/disaster recovery, public cloud platforms, as well as systems integration. For more information, visit: https://www.barracuda.com/