Cloud workloads at risk from security, management and compliance failings

New research from WinMagic looks at cloud adoption and barriers to further adoption, such as security/encryption, adoption and compliance.

New research from WinMagic finds security, management and compliance challenges are impacting the benefits businesses are receiving from using the cloud as their infrastructures become more complex. Thirty-nine per cent report their infrastructure was more complex since using the cloud, and 53 per cent spend more time on management tasks than they have done previously.

Falling short on securing the cloud

Ninety-eight per cent of the 1,029 IT decision maker respondents reported using the cloud, with an average 50 per cent of their infrastructure up in the sky. More than one third (33 per cent) of respondents reported that data is only partially encrypted in the cloud, and 39 per cent admit to not having unbroken security audit trails across virtual machines in the cloud, leaving them exposed.

Asked about their top three concerns on future workloads in the cloud, 58 per cent report security as their top concern, followed by protecting sensitive data from unauthorised access (55 per cent) and the increased complexity of infrastructure (44 per cent). On average, companies had to use three encryption solutions to protect data across the cloud and on-premises infrastructure, illustrating one of the main ways this complexity emerges.

Compliance confusion

Responsibility for the regulatory compliance of data is a significant area of confusion, with only 39 per cent considering themselves ultimately responsible for the compliance of data stored on cloud services. Worryingly, 20 per cent believing it is solely the responsibility of the cloud service provider, whilst a further 20 per cent believed they were covered by their cloud service provider’s SLA.

Further, only a quarter (25 per cent) of respondents have automated tools to ensure compliance rules are not broken. New legislation, such as the EU General Data Protection Regulation which comes into enforcement in May 2018, will see companies required to carefully manage the encryption, storage, use and sharing of personally identifiable information. As some people know by now, failure to comply can result in fines equivalent to 4 per cent of annual turnover or €20 million, whichever is the greater. Companies should already have an appointed data protection officer, to ensure compliance and mitigate risks.

‘The stakes for companies were already high, with data breaches increasing in frequency and scale,’ says Mark Hickman, chief operating officer at WinMagic.

‘EU GDPR reinforces the care that must be taken with data. The simple fact is that businesses must get the controls in place to manage their data, including taking the strategic decision that anything they would not want to see in the public domain, must be encrypted.’

Management tasks are frustrating IT teams

Expanding infrastructure has come at a cost for the majority of companies, with a greater burden on IT teams. More than half (55 per cent) reported needing to use more management tools since migrating workloads, sometimes needing multiple tools for the same task. More than half (53 per cent) reported spending more time on management tasks than ever before. Asked what they would use time saved on management tasks for they said:

  • IT projects needed to support the business (50 per cent)
  • Accelerate projects that are currently stalling (42 per cent)
  • Improving security (36 per cent)

Hickman adds, ‘At its heart, using heterogeneous cloud environments is making it harder for businesses to manage security and compliance, leaving staff firefighting rather than focusing on new projects that will benefit their businesses. Companies need to think about choosing management tools that are cloud agnostic, and remove complexity. WinMagic’s SecureDoc family of products does exactly this, encapsulating virtual machine management, encryption, and compliance across the widest range of operating systems and public or private cloud configurations.’

Further reading on cloud workloads

Related Topics

Cloud Computing

Leave a comment