Why security and compliance are still the main blockers to cloud adoption

However, one of the perceived barriers to cloud adoption continues to be concerns around security and compliance, which was the key topic of discussion at a recent techUK panel in which iland took part. During this discussion, we talked about the fact that nine out of ten security professionals worry about cloud security.

The survey found that nearly half of security personnel admitted to simply trusting their cloud providers to meet security agreements without further verification.  This highlighted that transparency continues to be a key issue, as many providers do not offer detailed insights into the cloud environment.  Or, if they do, this is certainly not up to the same levels customers are accustomed to in their own data centre operations.  At the same time teams tend to throw technology at the problem, however tech alone will not solve the problem. The survey showed that 48 percent more security technologies are deployed in the cloud than on-premise. Further, security features now top the list of priorities companies consider when selecting a cloud provider ahead of performance, reliability, management tools and cost.  Therefore, our advice to companies is that it is really important firstly to verify your cloud provider’s claims and, secondly, to ensure that you can properly leverage the technology that you are deploying

Interestingly, the results showed that there appears to be much more alignment between IT and the business. As respondents indicated IT would rather delay a new application deployment due to security concerns than deploy it in a potentially insecure environment, and the business agreed in an almost 3 to 1 margin. This represents a fundamental shift in organisational dynamics, where business should no longer view security personnel as naysayers, but allies who are committed to fighting threats alongside the business.

One of the key problems that accentuate security issues appears to be around skills and staffing shortages.  In fact over two thirds of organisations EMA admitted that they have staffing shortages and 34 percent have skills shortages, which directly correlate to flaws and opposing perceptions uncovered in our study.  While IT has made monumental progress in identifying and adopting necessary security technologies, cloud providers must do more to ensure teams can easily validate claims, manage disparate tools, anticipate threats and take action when needed.

While 96 percent of security professionals acknowledge that their organisations have compliance related workloads in the cloud, only 69 percent of IT teams identified the same. This gap could lead to exposures for the organisation if IT were to place a compliance-related workload into a non-compliant cloud provider.  

And, finally, clearly defined responsibilities are needed both with your cloud service provider and within your own company, as clearly in the end, where security is concerned, the buck stops with you. There is no point claiming that you thought someone else had it covered.  This is where DevSecOps comes in as the next evolution of DevOps whereby you make security the responsibility of every member of the team, at every step of the way, right from dev through to ops.

Right now and for the forecastable future cloud adoption sees no sign of abating. Therefore, it is critical that we get security and compliance right. Otherwise it will continue to be a blocker for organisations and could hinder innovation and competitive advantage.

By Monica Brink, EMEA Marketing Director, iland