Q&
EDITOR’S
WHAT ARE THE
CYBERSECURITY
IMPLICATIONS FOR
BUSINESSES AND
ORGANISATIONS
USING THE
PUBLIC CLOUD?
Cybersecurity professionals
have high confidence in cloud
service providers but are still
not crystal clear about their own
responsibilities for their data and
application security.
A
new study has revealed that there
appears to be misperception
and contradiction about who is
responsible for cybersecurity within the
public cloud.
In the newly published cloud security
study commissioned by Palo Alto Networks,
a global leader in cybersecurity, nearly a
third of respondents incorrectly believe
that the cloud service provider has primary
responsibility for securing their organisation’s
data within a public cloud infrastructure.
However, while the shared responsibility
model makes service providers responsible
for their cloud infrastructure, organisations
are wholly responsible for securing their own
data and applications. Key findings include:
A high majority (83%) of cybersecurity
professionals expressed complete
confidence in their cloud service provider
securing the infrastructure
However, only 51% of respondents
claim full awareness of the shared
responsibility model
One in 10 respondents incorrectly
believes that the shared responsibility
model refers to multiple cloud providers
sharing security responsibilities
While there is misunderstanding
about the responsibilities for data and
infrastructure security in the cloud, there
is little hesitance by organisations about
operating multiple cloud service provider
environments simultaneously. On average,
most reported that their organisation used
two cloud providers and almost 44% use
three or more.
INTELLIGENT TECH CHANNELS
Issue 20
Separate findings reveal that
cybersecurity professionals do want more
scrutiny over cloud service providers’
security capabilities.
However, more than half (52%) say their
organisation hasn’t carried out enough due
diligence around cybersecurity requirements
when picking a cloud provider, suggesting
that security may not be scrutinised
appropriately as projects are scoped.
Greg Day, VP and CSO, EMEA, Palo
Alto Networks, said: “Our survey shines a
light on a telling anomaly – cybersecurity
professionals have high confidence in cloud
service providers but are still not crystal
clear about their own responsibilities for
their data and application security.
“Cybersecurity teams cannot assume that
the security offered by public cloud vendors
provides consistent and holistic enough
protection. Today we see only just over one
in 10 cybersecurity professionals saying they
have the capability to maintain consistent
security policies across their entire IT
space including typically multiple clouds; a
situation that must significantly improve.”
Palo Alto Networks’ research into cloud
security has also found that a majority of
European and Middle East cybersecurity
professionals at organisations using
DevOps practices in the public cloud believe
that their organisations are trading speed
for security.
The study revealed that 72% of
cybersecurity professionals indicated that
the speed of public cloud adoption was
introducing preventable security risks to
software updates.
49