Cloud Security Survey: Concerns with Traditional Security in the Cloud (Part 3)

This is the final post of a 3 part series on a cloud security survey recently conducted by CloudPassage. The survey looks at the actual adoption of cloud computing, both private and public clouds, what cloud benefits are most important to businesses, what security challenges are the biggest pain points and so on.  You can read the prior posts here and here.

As many sources have shown, security is the number one inhibitor to cloud adoption. But as was revealed in the first blog post in this series, most companies are deploying private and public clouds in spite of their security concerns. When trying to secure their clouds, companies often apply their legacy security solutions. But this causes frustrations, if not outright security problems.

In the recent CloudPassage Cloud Security Survey, respondents were asked to rate particular challenges with traditional security products. The following table shows the percentage of respondents that found these traditional security challenges to be important or very important inhibitors to private and public cloud adoption.



Lack of compliance support



Lack of cloud security functions



Doesn’t work across clouds & datacenter



Lack of portability



Lack of integration with security ops



Doesn’t work in the cloud



Heavy resource footprint



Lack of integration with mgmt/ automation tools



The security concerns were relatively similar across private and public clouds, but the challenges were rated as bigger for private clouds than public. Several factors may have contributed to this such as the type of organization in the private cloud (larger enterprises), the type of workload in the private cloud (although this was not measured in this survey, the percentage of critical workloads as opposed to test/dev in private clouds is likely higher). The fewer concerns with traditional security in public clouds also aligns with the more complete deployment of new and existing applications in the public cloud versus private cloud (see second post in the series).

There could also be a higher expectation that private cloud security will secure dynamic private cloud environments while still working with other elements of the data center because they are generally all in house. This would explain the significantly higher need for security that works across clouds and data centers and integration with security ops for private clouds.

The one security challenge that was significantly more prevalent for public clouds was lack of integration with management and automation tools. Organizations generally have less visibility and control in the public cloud and this lack of integration exacerbates this problem.

Compliance support is at the top of the list when considered across both private and public clouds. This is not surprising as organizations subject to compliance regulations must be able to meet these requirements in their cloud implementations. But this was followed closely by the need for security with cloud security functions. Both private and public clouds are usually based on virtualization platforms that dynamically create, move, and decommission resources to meet computing needs. Security must be built with cloud security functions that support this elasticity and is automatically provisioned and updated to support the dynamic nature of the cloud.

With most companies now using cloud computing, we need to go beyond the limitations of traditional security solutions that were created for static infrastructure and apply security that is designed to protect and enable cloud environments.

Stay up to date

Get the latest news and tips on protecting critical business assets.

Related Posts