Information security professionals are moving away from perimeter-based security models to support adoption of cloud-based services, a study has revealed.
Nearly two-thirds of the 1,000-plus LinkedIn Information Security Group members polled said that moving focus to the workload is at least somewhat effective, according to the first LinkedIn Cloud Security Spotlight Report.
This finding confirms the shift from focusing on attack prevention and perimeter security towards advanced data protection methods such as encryption, the report said.
Some 68% of respondents said perimeter-based security is not the whole answer to securing cloud infrastructure, according to the report, commissioned by security firm CloudPassage. Only 15% believe perimeter-based security is effective in the cloud, while 18% said they are not sure.
The increasing frequency and success of attacks bypassing the network perimeter and the fact that corporate data is increasingly residing outside of the perimeter underscores the need for additional layers of defence, the report said.
Encryption of data at rest (65%) and in motion (57%) tops the list of most effective security controls for data protection in the cloud.
This is followed by access control (48%), intrusion detection and prevention (48%) and security training and awareness (45%).
The study confirmed that while there is broad cloud adoption by organisations seeking to cut costs and increase agility, security remains a top concern.
Some 71% of all respondents said they are investing in cloud infrastructure, 77% are investing in public cloud services and 71% are investing in hybrid cloud models, but 90% said they have moderate to severe security concerns regarding their cloud deployments.
For most security professionals, protecting cloud-based applications and systems remains a major concern and a critical barrier to faster adoption of cloud infrastructure.
General security concerns (45%), data loss and leakage risks (41%) and loss of control (31%) continue to top the list of barriers holding back further cloud adoption.
Read more about cloud security
- Enisa is looking to the UK for guidance on how to create a security framework that accelerates adoption of government cloud services across Europe.
- The Cloud Security Alliance's new frameworks for the European Union offer baseline security measures for government agencies.
- Security and privacy remain a stumbling block for cloud computing, according to information experts.
- Although 60% of small businesses are using cloud computing services, the remaining 40% are put off by security fears.
When asked to name the most important factor for protecting cloud infrastructure, 60% of respondents said “consistency across IT infrastructure” and 58% said “continuous protection”.
To address companies’ security needs when moving to the cloud, partnering with managed service providers ranks highest (34%), followed by using security software (33%) and adding IT staff to deal with cloud security issues (31%).
The number one method of closing the security gap for cloud computing and building confidence in cloud cited is the ability to enforce consistent, continuous security policies.
This was followed by application programming interfaces (APIs) for reporting, auditing and alerting on security events (45%) and effective mapping of security controls for internally hosted applications to the cloud infrastructure (41%).
Next came the isolation or protection of virtual machines (39%) and the ability to compare security levels across cloud providers (38%).
“This cloud survey represents a first glimpse into exactly what types of concerns are keeping security professionals up at night,” said Holger Schulze, group founder of the Information Security Community on LinkedIn.
“It’s clear from the survey results that a vast majority of organisations are investing aggressively in cloud computing technologies, while at the same time have not figured out the complete security model to give them continuous, consistent protection in these environments,” he said.
But the results of the survey also show that a broad range of security professionals know what to do to protect investments in cloud infrastructure, said Carson Sweet, chief executive of CloudPassage.
“They are seeking to deploy continuous, consistent security policies,” he said.