Given the rate of growth of public cloud services, it’s hard to argue that security concerns are an impediment to adoption. Nevertheless, it’s also clear that cloud security is still a major issue inside most IT organizations.
A new survey of 2,200 IT security professionals, which was conducted by CloudPassage and LinkedIn and released this week, drives this point home. A full 53 percent cite security as a barrier to cloud adoption, followed by compliance (42 percent) and data loss and leakage (40 percent).
Those results might not come as a surprise to most IT service providers, but the way that those organizations intend to solve those problems just might. While 61 percent of respondents plan to train their existing IT staffs to come up to speed on IT security, it turns out that just under half (45 percent) also said they would be relying on managed services. Clearly, a much larger number of IT organizations are finally starting to realize that the complexity of IT security in the age of the cloud requires some external expertise.
The top three cloud security concerns cited by the survey respondents are unauthorized access through misuse of employee credentials and improper access controls (53 percent), hijacking of accounts (44 percent), and insecure interfaces/APIs (39 percent).
In addition, verifying security policies (51 percent), visibility into infrastructure security (49 percent), and compliance (37 percent) were identified as the three cloud security challenges causing the biggest headaches.
On the plus side, the most effective technologies for securing data in the cloud are seen to be encryption of data at rest (65 percent) and in motion on networks (57 percent), followed by intrusion detection and prevention (48 percent) and access control technologies (45 percent).
Navigating the road ahead
Put it all together and a very interesting cloud security scenario starts to emerge. When data was running primarily on premise, it was challenging to get IT organizations to adopt anything more elaborate than a firewall and anti-virus software running on the endpoint. In the age of the cloud, the appetite for a much broader array of cloud security technologies and services is considerably greater. That doesn’t mean IT organizations perceive the cloud to be less secure than their on-premise IT environment. Rather, it means they recognize that securing data in the cloud is simply a more complex endeavor.
Of course, many MSPs don’t have a deep reservoir of IT security expertise. Many of them have opted to partner with managed security service providers (MSSPs) that specialize in providing security services. Whether those relationships will wind up being temporary alliances that fill a knowledge gap or strategic partnerships that eliminate the need to invest in developing IT security skills will vary. Competition for IT security expertise, after all, is nothing short of fierce.
But for an MSP to remain relevant these days to an internal IT organization moving workloads into the public cloud they need to be able to address security in one way or another.