Public cloud security – still the biggest turn off for adoption?

• 58% of UK business decision-makers have admitted that security remains the biggest barrier to public cloud adoption in their organizations
• More than one in four companies have already been targeted by cloud hacking attempts since the start of the Covid-19 pandemic in early 2020
• Fear not – businesses can look into ways to manage the public cloud securely

The pandemic has made businesses more dependent on cloud computing than ever before. Today, most industries recognize cloud as a necessary tool for managing their workforce – especially in a Covid-19 environment, where almost everything has gone remote and/or digital.

However, some industries that would benefit greatly from cloud adoption are still resisting the move. Despite the cloud’s positive impact on business, 58% of the UK’s corporate decision-makers have admitted that security concerns remain the biggest barrier to public cloud adoption, according to new research from Centrify.

The research, conducted via a survey of 200 business leaders in large- and medium-sized enterprises in the UK, also revealed that over one-third (35%) of the organizations who have adopted cloud are less than confident that the technology is completely secure.

When questioned about security weaknesses in their companies, 45% of decision-makers agreed that the increasing amount of machine identities and service accounts, like those used by servers and applications, are becoming the biggest exposure point for their organization.

Interestingly, the findings also revealed that more than one in four (28%) of companies have already been targeted by a cloud hacking attempt since the start of the Covid-19 pandemic in early 2020.

Most worryingly, despite continued requirements on enterprises for digital transformation and rapid innovation, almost one-third (31%) of business decision-makers admitted that their development teams are more interested in getting around security than building it into the DevOps pipeline, posing a potentially grim cybersecurity outlook for 2021.

How businesses can manage the public cloud securely

As enterprises scale up their use of the public cloud, they must rethink how they protect data and applications — and put in place critical practices.

Inevitably, there are some inherent risks associated with cloud computing when the business entrusts a third-party or a cloud service provider with confidential and sensitive information.

Global consulting powerhouse McKinsey has stated in a recent report that competitive companies need to implement a proactive, systematic approach to adapting their cybersecurity capabilities for the public cloud. Among the practices that can help companies develop a consistent, effective approach to public-cloud cybersecurity is developing a cloud-centric cybersecurity model. 

“Companies need to make choices about how to manage their perimeter in the cloud and how much they will rearchitect applications in a way that aligns with their risk tolerance, existing application architecture, resources available, and overall cloud strategy.”

McKinsey added that companies should also redesign a full set of cybersecurity controls for the public cloud. For each individual control, companies need to determine who should provide it and how rigorous they need to be.

It is important to clarify internal responsibilities for cybersecurity, compared to what providers will do. “Public cloud requires a shared security model, with providers and their customers each responsible for specific functions. Companies need to understand this split of responsibilities — it will look very different from a traditional outsourcing arrangement — and redesign internal processes accordingly,” it said.

Lastly, applying DevOps to cybersecurity. If a developer can spin up a server in seconds but has to wait two weeks for the security team to sign off on the configuration, that McKinsey said, attenuates the value of the public cloud’s agility. It added companies need to make highly-automated security services available to developers via APIs, just as they are doing for infrastructure services.