Last year, IDG estimated that 96 percent of organizations had adopted the cloud in one form or another. So you would think that the move to the cloud would be all but over. The problem is that “the cloud” is not a very precise term, and when you dig into the details, the landscape is a little more fluid than those numbers might make it seem.
One complicating factor is multi-cloud. According to Rightscale, organizations today are using an average of 3 private clouds and 2.7 public clouds. They run applications in about 3 of them and are testing about 1.7 more.
However, according to a recent IHS Markit survey, 74% of organizations that had moved an application into the public cloud have subsequently decided to move it back into their on-premises or private cloud infrastructure.
Of course, this doesn’t mean they reversed all of their cloud deployments. But it is a trend that not many folks are talking about. It turns out that the cloud story is far from over. Nearly half of respondents, for example, noted that they had moved cloud deployments back into their infrastructure as part of a “planned temporary” deployment to support an IT transition such as a merger or acquisition. Other factors at work include unexpected costs, poor cloud performance, new regulations, and changes in underlying technologies.
However, by far, the biggest challenge is security. According to IDG’s 2018 Cloud Computing Survey, respondents said they plan to move a full half of their public cloud installed applications to either a private cloud or non-cloud environment over the next two years, primarily due to security concerns. The problem is, in their rush to adopt a cloud strategy, many CSOs misunderstood the nature of cloud security. And as a result, according to Gartner, 95 percent of cloud security failures are ultimately the fault of the customer and not the cloud provider.
Even those organizations using a single cloud infrastructure still have to select, deploy, configure, and manage their security systems, and a misconfigured cloud firewall is just as vulnerable as a physical one. That is easier said than done. Most of the IT staff dedicated to security have little cloud experience, and DevOps teams building out cloud applications and environments have little expertise when it comes to security. And organizations certainly don’t have the resources needed to manage the security of several different environments simultaneously. Let’s take a quick look at some of the mitigating factors:
Securing each of these cloud instances is a challenge, especially for organizations with limited IT staff or who are feeling the pain of the current cybersecurity skills gap. But that is the easiest of the problems. Cloud environments, especially public clouds, come with a variety of security tools that can be selected and deployed with the usual efforts associated with configuration, proper deployment, and ongoing management. The trick here is that cloud environments are highly elastic and continually evolving, so security strategies and solutions need to be able to adapt to those changes.
The challenge is that these problems are all compounded by a hybrid cloud environment – especially one that merges a physical network with private and public cloud environments. Managing the fluidity between private cloud and public cloud and keeping both secure is not just a difficult task; it is one that few organizations are prepared to succeed at. Ensuring consistent security for the applications, workloads, and other resources – and the data they leverage – that move across and between different cloud environments involves a nearly impossible level of complexity when the right strategies and tools aren’t in place.
Anyone looking to maintain a secure hybrid cloud environment needs to have a master security strategy and desired operational model definition in place before they begin. IT staff and budget are unlikely to change, so before a single device is deployed or a single application is leveraged, organizations need a plan that allows them to scale their network footprint – and associated attack surface – essentially using the same resources they had before they began. That requires an understanding of cloud security issues that most CSOs and their staff do not possess.
To begin, here are four critical concepts that need to be understood before such a plan can be developed.
Cloud deployments are likely to remain in flux for the foreseeable future while organizations determine the best place to keep data, applications, and other digital resources, and while they work to figure out the serious issues of cloud security. In the meantime, IT leaders need to establish a security framework that guides the adoption and deployment of new cloud services so that digital transformation doesn’t result in your company being a victim of some of today’s determined and highly organized cybercriminal organizations.