Survey: Security Risks Soar Along With Cloud Workloads
The shift from traditional datacenters to cloud infrastructure is exponentially expanding server workloads, thereby increasing enterprises' "attackable surface area" and, with it, security risks, a new vendor survey warns.
CloudPassage Inc., a security platform vendor focusing on shielding servers running in datacenter and cloud infrastructure, polled attendees at the recent Black Hat security conference. In findings released Friday (Aug. 19), the San Francisco-based company said a whopping 94 percent of respondents believe the shift from datacenters to the cloud exposes them to greater risk. As server workloads soar, IT managers estimated security risks jumped by a factor as high as 100 times.
While scaling, agility and the dynamic nature of the cloud are seen as a competitive advantage, increased server workloads are driving security requirements as "attackable surface area" grows in parallel with server workloads. One consequence is that 95 percent of respondents said the shift to the cloud requires them to create, modify or retire server workloads much more frequently in the cloud than traditional datacenters.
Hence, 85 percent of IT security managers said they have been unable to keep pace with the rate of server workloads changes necessitated by the shift to the cloud. Barely one quarter of those polled said they have the automation tools needed to secure and audit cloud server workloads when configuring and deploying them, CloudPassage reported.
Still, automation in the form of firewalls and segmentation tools are becoming more widely available. A healthy 62 percent of those polled said they are beginning to use automation tools for secure and audit cloud workloads.
The shift to the cloud and agile application delivery also is creating more "security management overhead," Carson Sweet, co-founder and CTO of CloudPassage, noted in a statement releasing the survey findings. "Organizations rarely increase the size of their security teams at all, much less enough to keep up with the higher scale and pace. While organizations have started to understand that cloud infrastructure can deliver faster development, deployment, and innovation cycles, many are not thinking about the related impact to security operations."
As enterprises shift to the cloud, security analysts note the steadily shrinking gap between developing and deploying enterprise applications and the build out of IT infrastructure. Hence, some argue that security must be baked into cloud infrastructure via emerging automated security tools.
The need for automation is growing, CloudPassage argued, because most respondents said the size of their IT security staffs is unchanged.
The security platform vendor said its survey results were gleaned from live interviews conducted with IT security managers attending the Black Hat security conference during the first week of August.