WHAT ARE THE
CYBERSECURITY
IMPLICATIONS FOR
BUSINESSES AND
ORGANISATIONS
USING THE
PUBLIC CLOUD?
A
new study has
revealed that
there appears to
be misperception
and contradiction
about who is
responsible for
cybersecurity within the public cloud. In
the newly published cloud security study
commissioned by Palo Alto Networks, a
global leader in cybersecurity, nearly a
third of respondents incorrectly believe
that the cloud service provider has
primary responsibility for securing their
organisation’s data within a public cloud
infrastructure. However, while the shared
responsibility model makes service
providers responsible for their cloud
infrastructure, organisations are wholly
responsible for securing their own data
and applications. Key findings include:
• A high majority (83%) of
cybersecurity professionals
expressed complete confidence in
their cloud service provider securing
the infrastructure
• However, only 51% of respondents
claim full awareness of the shared
responsibility model
• One in 10 respondents incorrectly
believes that the shared
responsibility model refers to
multiple cloud providers sharing
security responsibilities
While there is misunderstanding
about the responsibilities for data
and infrastructure security in the
cloud, there is little hesitance by
organisations about operating multiple
cloud service provider environments
simultaneously. On average, most
www.intelligentciso.com
|
Issue 07
shines a light on a telling anomaly –
cybersecurity professionals have high
confidence in cloud service providers
but are still not crystal clear about their
own responsibilities for their data and
application security.
reported that their organisation used
two cloud providers and almost 44%
use three or more. Separate findings
reveal that cybersecurity professionals
do want more scrutiny over cloud
service providers’ security capabilities.
However, more than half (52%) say their
organisation hasn’t carried out enough
due diligence around cybersecurity
requirements when picking a cloud
provider, suggesting that security may
not be scrutinised appropriately as
projects are scoped.
Greg Day, VP and CSO, EMEA, Palo
Alto Networks, said: “Our survey
“Cybersecurity teams cannot assume
that the security offered by public
cloud vendors provides consistent and
holistic enough protection. Today we see
only just over one in 10 cybersecurity
professionals saying they have the
capability to maintain consistent security
policies across their entire IT space
including typically multiple clouds; a
situation that must significantly improve.”
Palo Alto Networks’ research into cloud
security has also found that a majority of
European and Middle East cybersecurity
professionals at organisations using
DevOps practices in the public cloud
believe that their organisations are
trading speed for security.
The study revealed that 72% of
cybersecurity professionals indicated
that the speed of public cloud adoption
was introducing preventable security
risks to software updates.
27