The majority (70 percent) of cybersecurity professionals working in large organizations across Europe and the Middle East say that a rush to the cloud is not taking full account of the security risks. This is highlighted by a new cloud security study conducted for Palo Alto Networks® (NYSE: PANW), the next-generation security company.
The survey polled businesses that are actively adopting the cloud for their data, applications and services needs. It shows that cybersecurity professionals recognise that they must do much more to match the pace of the business on cloud, but that security is too often viewed as a business inhibitor when new applications and services are adopted. Among the findings:
Over a half (54 percent) of cybersecurity professionals in the U.K., France, Germany, Italy, the Netherlands, Sweden, UAE and Saudi Arabia report misalignment, between them and the rest of business, on cloud and cybersecurity issues, including cybersecurity’s role in making cloud adoption successful. Despite most cybersecurity professionals (64 percent) saying security is a top priority for their adoption of the public cloud, less than half of respondents are very confident that existing cybersecurity in the public cloud is working well, even for sensitive areas like finance.
Only around 1 in 10 (13 percent) cybersecurity professionals said they were able to maintain a consistent, enterprise-class cybersecurity across their cloud(s), networks and endpoints. Indeed, around half (49 percent) of respondents’ organizations say they take different, segmented approaches to cybersecurity today, but would like to have the same consistent visibility, command and control over cybersecurity across all areas.
Cybersecurity professionals feel under-consulted on cloud security and want more control. Only 19 percent say they have the correct level of involvement in the security of cloud services. Notably, even those who report that they have an extremely high level of involvement would like more control over cloud cybersecurity, as they are the group of professionals most likely (57 percent) to say they need even greater control and consistency of cloud cybersecurity.
Greg Day, vice president and regional chief security officer for EMEA at Palo Alto Networks, comments, “The adoption of the cloud is driven by the desire for more agile, innovative digital operations that cybersecurity needs to emulate. This is vital as cybersecurity professionals can often find it tough to keep pace and may fear the rest of the organization wrongly believes cybersecurity is an obstacle when, actually, it can help realise cloud ambitions. For cybersecurity to be as agile as business demands, today’s EMEA cybersecurity leadership needs to maintain firm and consistent control over cybersecurity across all environments, including cloud and multi-cloud.”
The research highlighted some variations by country. Respondents from organizations in France (80 percent), for example, are seeing the adoption of the cloud outpacing cybersecurity. Whereas organizations from the Netherlands (54 percent), Germany (64 percent) and the Middle East (United Arab Emirates and Saudi Arabia; 66 percent) don’t see the trend as acutely.
Day concludes, “Cloud is changing how IT is consumed and will also change how cybersecurity is consumed. It will enable organizations to gather and crunch a much richer and broader security dataset, run big data risk analytics and machine learning to stop threats faster, and access limitless compute muscle to enforce prevention comprehensively. Critically, all of this is done at the digital pace necessary to identify risks and prevent attacks that undermine digital trust.”
To address the requirements of organizations to maintain strong and consistent control of cybersecurity over their applications, data and transactions in hybrid cloud and multi-cloud environments, Palo Alto Networks has added new cloud capabilities to its Next-Generation Security Platform, designed to prevent successful cyberattacks in the cloud. The advancements provide customers operating in hybrid and multi-cloud environments with a comprehensive, consistent enterprise-class security offering that integrates directly with cloud infrastructure and workloads.