Over the past decade, public sentiment toward cloud security has drastically improved. A look back at headlines from 2008 reveals the public’s apprehension toward the cloud and its security measures.
“Cloud computing is a trap…” one headline claimed, while another asked, “How can we trust the cloud, Net or whatever “it” is if we can’t know where our data resides?” It’s clear that early reluctance for adoption was driven by a struggle to understand this brand new technology.
Today, 98 percent of IT leaders trust their cloud providers to keep their data secure – a rate that was practically unimaginable ten years ago. But despite the high trust numbers, Softchoice found in its latest report –The State of Cloud Readiness: IT Leaders Lost in the Cloud – that not all on the cloud security front is perfect.
A Crisis of Confidence
IT leaders’ anxiety toward cloud security has turned inward. While they trust their cloud providers to hold up their end of the security bargain, they are less confident in the security capabilities of their own internal teams, especially once cloud migration is underway.
Those closest to the daily strategies and processes of the cloud are especially concerned. Only 36 percent of IT managers and directors are highly confident in extending their own internal security policies to the cloud. Their senior counterparts (IT VP and C-level execs) are only slightly more confident – 46 percent of IT executives feel secure with their internal policies.
The gap between the two levels of IT leaders suggests that higher-level executives who have a more hands-off role in daily cloud processes take an aspirational view of their organization’s security policies. The fact that managers and directors – those closest to daily execution – have greater doubts should indicate that organizations’ cloud security policies and execution need more attention.
Bridging the Gap
What measures can they take to bridge the confidence gap? The solution to getting a better grasp on security efforts is two-fold.
First, IT leaders need to address the rift that exists among different levels of IT leadership. While IT also have their doubts, it’s a clear problem that confidence in security practices among managers and directors is markedly lower.
The disconnect likely doesn’t stop at a seniority standpoint either. Individual teams – such as developers, infrastructure specialists, and application process owners – often aren’t on the same page. IT teams incur security risks because they have not established the procedures, guidelines, and governance they need to ensure the security of their data and applications.
Addressing the issue may require a refresher on DevOps practices and a deeper embrace of those values to bring teams together. Organizations need to establish operational guidelines, the same way they do for deploying physical infrastructure. In designing an agreed-upon approach for cloud security success, the IT team can set a predictable path for the organization.
On top of improving communication internally, turning to outside partners will provide organizations the help they need.
Gaining control of cloud security initiatives requires the right skills. But the IT hiring market is laden with competition, so it’s not always feasible to bring in outside hires. Training internal talent poses time and money challenges as well, and doesn’t guarantee immediate protection on urgent matters like cloud security. Therefore, bringing in a partner is often the best option for securing migrated cloud workloads as soon as possible.
Cloud security policies are part of an organization’s foundational success, and addressing cloud security concerns is not a job for a rainy day. For more on finding the right guidance for extending security policies into the cloud, download The State of Cloud Readiness: IT Leaders Lost in the Cloud today.