Survey Highlights Need to Increase Visibility, Create New Workflows and Compliance Processes, and Reconsider Team Responsibilities to Secure Network Access in a Hybrid Environment
Boston, MA – (September 30, 2014) – AlgoSec, the market leader for Security Policy Management, today announced the results of its “Security Policy Management in Hybrid Cloud Environments” survey. The survey focuses on the network security challenges facing companies that are deploying or planning to deploy their business applications on public Infrastructure as a Service (IaaS) platforms. A key finding of the survey shows that 79 percent of organizations stated that they need better visibility in order to unify security policy management across their on-premise and public cloud environments.
Conducted in August 2014, the survey polled 363 information security and network operations professionals, data center architects, application owners and CIOs worldwide. 239 respondents (66 percent) reported they are currently deploying or planning to deploy business applications on an IaaS platform within the next 12-36 months. The following key findings are based on these 239 respondents, and include:
- Visibility is obscured by clouds – 79 percent of respondents agreed or strongly agreed that they need better visibility across on-premise data centers and public clouds. Two-thirds (66 percent) of respondents agreed or strongly agreed that it is difficult to extend the corporate network security policy to the public cloud.
- Lack of processes hinders cloud management and compliance – 59 percent of respondents noted the lack of operational workflows to manage network security in a hybrid environment. Demonstrating compliance on IaaS compared with on-premise data centers was another major issue, with 49 percent of those surveyed claiming difficultly.
- Disparate selection of security controls used across IaaS – Only a third of respondents (33 percent) use commercial network firewalls to protect access to their data in the cloud. 25 percent of respondents use provider controls such as Amazon Security Groups, and 10 percent use host-based firewalls.
- Companies are in the dark about security controls in the cloud – Worryingly, a third of companies that are planning to deploy business applications in the cloud within the next 12-24 months do not know which tools they will use to manage their network security policies in the cloud.
- Data and network security are the most challenging functions to migrate to public clouds – Network security is the second most complex function to migrate to the public cloud (following data security), and the most complex for small to medium size organizations.
- Responsibility for cloud security is fragmented – At small to medium size companies, security for business applications running in public clouds is handled mostly by IT Operations (70 percent). In the future, companies plan to transition this responsibility over to Information Security. At large companies, the responsibility is and will remain in the hands of Information Security (72 percent).
“Network security in public IaaS is fundamentally different compared to traditional on-premise data centers, which results in the myriad of operational, security and compliance challenges highlighted in this survey,” said Nimmy Reichenberg, Vice President of Marketing and Strategy at AlgoSec. “As organizations look to strategically adopt public IaaS, they must ensure they have holistic visibility and a platform that can manage their network security policy consistently across their entire environment.”
Contact CloudTweaks for infographic co-branding and sponsorship opportunities.