Cloud Security, Firewall Concerns Create Channel Opportunities: Study
The study, which was conducted by the Ponemon Institute and commissioned by cloud security management player Dome9 Security, showed that 67 percent of nearly 700 respondents feel that their organization is vulnerable (35 percent), or very vulnerable (32 percent) because cloud ports and firewalls aren't properly locked down. Additionally, 54 percent of respondents said their company's IT personnel have no knowledge of the potential risk of open firewall ports in their environment.
The findings, said Larry Ponemon, CEO of the Ponemon Institute, are startling as they illustrate a lack of understanding around key cloud security needs.
"It tells me that we have a big problem out here," he said.
Equally jarring, Ponemon said, is the lack of certainty in organizations around who is responsible for cloud security and for ensuring cloud environments are locked down. According to Ponemon, organizations believe their partners are responsible for their cloud security, with 36 percent of respondents saying their partner or provider should secure their clouds. Meanwhile, 31 percent of organizations said it is their own responsibility to ensure the cloud is secure, while the remaining 33 percent said it is both the organizations' and their providers' duty to provide secure cloud computing environments.
There is also a strong divide within organizations over which internal personnel handles cloud security. According to Ponemon, 41 percent of respondents said the onus is on IT operations. The remaining respondents said cloud security is the job of the IT security team, the data center crew or that it is a managed service.
Ponemon said the uncertainty around cloud security responsibility raises another interesting question: "If you don't have knowledge, how can you have responsibility?"
Overall, Ponemon said, the study found that only 9 percent of respondents would classify their cloud security management as excellent, while 18 percent claim it's good; 27 percent say it's fair; and 25 percent say it's poor. Twenty-one percent of organizations declined to rate their cloud security management.
Dave Meizlik, vice president of marketing and business development for Dome9 Security, which sponsored the study and offers an automated cloud firewall management service, said that the findings, while eye-opening, bode well for the cloud channel as partners can bring their clients up to speed with cloud security and add value with cloud security services like firewall management.
The study, Meizlik said, found that 73 percent of respondents feel a cloud server firewall is the first line of defense against attacks and exploits, while 72 percent said automation is important to cloud firewall management. That opens the door for partners.
Additionally, 42 percent of respondents said they fear that they wouldn't know if their company's applications or data was compromised by a security exploit or data breach involving an open cloud server port, and 79 percent said that the ability to efficiently manage security in the cloud is as important as cloud security itself.
The survey also revealed that 36 percent of respondents' organizations can't manage access or generate reports efficiently, and 29 percent say they manage access through cloud provider's tools by that they can't see those reports. And 78 percent of respondents said the most important feature to cloud server security is being able to close ports automatically, to avoid manually reconfiguring their firewall.
Meizlik said that security has been a major inhibitor to cloud adoption, and because the cloud requires open ports for connectivity, security becomes a greater concern. He said companies are turning to the channel for firewall management services and are seeking controlled and automated ways to ensure the cloud environment is secure.
"Security in the cloud is what they're really concerned with," he said.