It’s already been well established that the No. 1 concern organizations have about deploying application workloads in the cloud is cloud security. But, it turns out there’s also significant confusion about who is responsible for IT security on a public cloud. The providers of public clouds assure customers that the infrastructure they make available is secure. The customer is responsible for securing any software they deploy on those public clouds, though.
Unfortunately, a new survey of 300 IT decision makers conducted by the market research firm Vanson Bourne on behalf of Barracuda Networks finds that 68 percent of decision makers are under the impression that cloud providers are responsible for securing customer applications. This may help account for why there are now so many episodes of data being left open on a public cloud, including incidents involving Viacom, Verizon, and Time Warner Cable.
Many assumptions get made when organizations talk about moving to the public cloud. One of the biggest ones is that a public cloud is managed much like any other IT environment. In reality, a public cloud is very different. In fact, it’s not uncommon for costs to spiral out of control because someone simply didn’t realize they needed to turn a virtual machine off.
Cloud security lessons
Managed service providers should spend some time educating their customers about what it really takes to optimally manage and secure a cloud. Most organizations opting to employ a public cloud are already signaling they don’t want to be involved in managing IT, so it may come as a surprise to them how much managing of workloads still needs to be done in the cloud. Once they’re informed, quite a few of those organizations are likely to take the next logical step — asking a local MSP to manage both their local and cloud applications. The goal shouldn’t be to scare the leaders at those organizations. Instead, MSPs need to provide customers with the benefit of their experience. Most of them will draw the right conclusion without needing to be subjected to a hard sell. A full 74 percent of the respondents to the Barracuda Networks survey are already concerned about cloud security.
The Barracuda survey finds that on average IT decision makers run 44 percent of their IT infrastructure on a public cloud. That number is expected to double in next five years. Most organizations want to make the shift to the cloud for two reasons. The first is there is a perception that costs will be lower. Not all workloads are created equal, though. Some long-running applications are still less expensive to run on-premises.
The second major reason is IT agility. Organizations can stand up applications faster in the cloud. That may not be the case forever as more software-defined infrastructure gets adopted. But for now, it’s generally faster to deploy an application on a public cloud. At the same time, though, if an application is insecure the speed at which it gets deployed only reduces the time until that organization experiences a major IT security crisis. Taken in that context, cloud applications, much like Ralph Nader discovered with cars in the 1960s, are unsafe at any speed.
Photo: VTT Studio/Shutterstock
Editor’s Note: Barracuda MSP, this site’s sponsor, is the MSP business unit of Barracuda Networks.