As an increasing number of businesses adopt the public cloud, security remains a crucial concern. However, it appears that organizations are getting more confident in their cloud security strategies. According to a recent Barracuda Networks survey of 850 security professionals, just over 44 percent of respondents believe that public cloud environments are as secure as on-premises platforms, while 35 percent of respondents feel that on-premises environments were more secure than the public cloud.
When it came to cloud security confidence, nearly 60 percent of respondents were either very confident or somewhat confident in their cloud platform. Only 14 percent were either not very confident or not confident at all.
A Major Obstacle to Cloud Adoption: A Shortage of Skilled Workers
While security confidence has increased, many users are still hesitant to house certain types of data in the cloud. When asked which workloads, applications, or data they would not be comfortable hosting in the cloud, 56 percent cited data about company finances; 54 percent cited employee data, 53 percent said customer data, and 47 percent were concerned about proprietary product data.
A shortage of skilled employees is also impacting how companies approach the cloud. Roughly 47 percent of respondents agreed that a shortage of cybersecurity skills was significantly affecting how they implement cloud technology.
In response, companies have attempted several strategies to overcome that skills gap, including training current staff (60 percent), outsourcing to MSPs (35 percent), relying more on technology providers (32 percent), relying more on technology vendors (28 percent), and hiring more employees (25 percent).
Another 42 percent of respondents felt that cloud environments were difficult to gain visibility into, and 36 percent believe that cloud environments are a “headache” when it comes to compliance, while 31 percent believe that cloud environments are hard to secure.
For MSPs looking for new opportunities in this market, it’s clear that end users need security awareness training in regards to cloud security, visibility, and compliance tools. There’s also an enormous outsourcing opportunity as the gap between the supply of skilled staff and the demand for those employees grows.
Protecting Cloud-Based Data with WAF and patching best practices
To secure cloud data and apps against threats, 59 percent of respondents reported that they implemented automated systems such as web application firewalls (WAFs). Roughly 19 percent indicated that a human process was used to respond to new threats and apply patches, and 22 percent indicated that their cloud or hosting providers would handle web application threats.
Those using a WAF were relying on a mix of commercial products and cloud provider WAF solutions.
Interestingly, of those companies not currently using a WAF to protect cloud applications, 39 percent of respondents said their apps don’t process sensitive or business-critical information. This reflects a critical misunderstanding of the current cyber threat landscape — attacks aren’t only focused on stealing data. They can also affect mission-critical services, cause business disruption, and provide a gateway to launch other types of attacks. The good news is that 37 percent of respondents planned to install a WAF in the near future.
Patching activity showed a worrisome degree of variability. When asked how often they had applied security patches to their web application frameworks or servers in the past 12 months, 35 percent indicated they had done so 1-5 times, while 33 percent had done so more than 10 times. Shockingly, 13 percent reported they had never applied any security patches over the past year.
That type of patching complacency led to the Equifax breach a few years ago, which has now cost that company more than $1.4 billion.
For those who indicated they hadn’t applied patches at all, nearly 21 percent of respondents said it could take anywhere from 1 to more than 6 months to patch a vulnerability after it was disclosed.
Although it’s clear that users are finally getting the message that cloud platforms can be just as secure (or even more secure) than on-premises solutions, some companies aren’t taking critical security precautions, such as regularly applying patches and leveraging a WAF.
Web application security and cloud security best practices are vital components to helping customers safely continue their digital transformations while taking advantage of the benefits of the cloud.