To use a long-forgotten metaphor, cloud deployment is moving forward at Internet speed at many enterprise organizations. According to ESG research, 57% of enterprise organizations use public and private cloud infrastructure to support product applications/workloads today, and an overwhelming majority of organizations will move an increasing number of applications/workloads to cloud infrastructure over the next 24 months.Now no one would argue the fact that cloud computing represents a different compute model, but it is really based upon the use of server virtualization for the most part. And since a VM is meant to emulate a physical server, many organizations approach cloud security by pointing traditional security processes and technologies at cloud-based workloads. This behavior is illustrated in a recent ESG research survey, in which cybersecurity and IT professionals were asked if their organizations used existing security technologies and processes for security workloads residing in cloud infrastructure (i.e. public and private). A vast majority (92%) said they did so, “extensively or somewhat.”46% of respondents claim that data security technologies (i.e. encryption, DLP, etc.) are the least effective traditional tools for addressing cloud security requirements. This is a really big deal when sensitive data moves to the cloud. 46% of respondents claim that host-based security technologies (i.e. AV, file integrity monitoring, HIDS/HIPS, etc.) are the least effective traditional security tools for addressing cloud security requirements. Yup, host-based tools assume they have captive permanent resources to use which is antithetical to the cloud. 44% of respondents claim that network security technologies (i.e. firewalls, IDS/IPS, gateways, etc.) are the least effective traditional tools for addressing cloud security requirements. This is especially troublesome since network security really dominates overall IT security at most enterprises. 42% of respondents claim that web application firewalls (WAFs) are the least effective traditional tools for addressing cloud security requirements. Another technical incongruity, no wonder why Amazon now offers WAF as a service.
You can skip this ad in 5 seconds