It looks like IT organizations finally are starting to appreciate how difficult cloud security is to achieve and maintain. A new survey of 618 IT decision makers, conducted by Dimensional Research on behalf of Barracuda Networks, finds that 74 percent want better integration between next-generation firewalls (NGFs) and the multiple clouds they need to deploy on. A total of 59 percent also indicated they want those firewalls to be programmable by developers to advance DevSecOps.
At the same time, IT leaders also want the role of the firewall in the cloud to be expanded. More than half (56 percent) say they would benefit from regulating traffic flows between on-premises and cloud data centers, while 53 percent see a benefit in being able to enforce policies and controls across a distributed environment.
The core issue IT leaders are starting to recognize is that it’s simply not possible to “lift and shift” on-premises security controls into the cloud. Many organizations have attempted to load a firewall on to a virtual machine in a public cloud. But most cloud service providers have uniquely implemented their own firewalls to secure the underlying infrastructure they provide. The security of the applications loaded onto that infrastructure, however, is left to the IT organization that built and deployed those applications. What’s required are NGFs that have also been designed from the ground up to integrate with the unique controls put in place by each of the major cloud service providers.
Gap between skills and demand
Naturally, this bifurcated approach to cyber security creates demand for the expertise required to manage it. Savvy managed service providers are building cloud security practices that span both multiple clouds and on-premises IT environments. Most organizations are already shorthanded when it comes to cybersecurity skills. Most of them are pushing workloads into a public cloud, but very few have the capabilities required to secure multiple workloads running on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Most of them can barely secure their own on-premises IT environments.
IT pros still say on-prem security is superior to #cloudsecurity, but truth is they simply have more confidence in their on-prem security skills @smartermsp @mvizard
This lack of capability is a major reason why most IT security professionals still say on-premises security is superior to cloud security. More than half the respondents to the Dimensional Research survey (56 percent) said on-premises security is superior to cloud security. The more nuanced truth is they have more confidence in their on-premises IT security skills and processes. In terms of cybersecurity technology, most cloud service providers are much more advanced compared to the average IT organization.
The dichotomy between cyber security inside and outside of the cloud creates a major opportunity for MSPs. It may require some significant investments to attain the level of cybersecurity skills required. But, it’s clear workloads are moving into the cloud to stay. The good news is that as cyber security becomes more programmable in the age of DevSecOps it’s becoming easier for MSPs to manage cyber security at scale across a much broader customer base. The challenge lies in putting in place the right cybersecurity framework that enables an MSP to seize that opportunity.