80% companies need more transparent cloud security

A new survey by the firewall operations management software company Algosec found that 79% of companies need to be more transparent in their security policy management to unify their internal cloud and public cloud environments. The survey visited 363 information security and network operations professionals, data Center Architects, application developers, and CIOs worldwide. 66% per cent of those surveyed said they were currently deploying or planning to deploy business applications on the infrastructure, the services (IaaS) platform, within the next 12-36 months.

The main ideas of respondents include: transparency in security management is obscured by cloud technology. 79% of respondents agreed that both internal data centers and public cloud environments needed to be more transparent, and 66% per cent found it difficult to extend the corporate network security strategy to the public cloud environment.

The lack of standard processes hinders cloud management and compliance. 59% per cent of respondents said there was a lack of business processes to manage network security in a mixed cloud environment, which proved to be another major problem compared to the internal data center, with 49% per cent of respondents saying it was difficult to achieve.

The security controls used on the IaaS platform have different choices. Only 33% of respondents used a commercial network firewall to protect cloud data, and 25% of respondents used vendor controls such as the Amazon Cloud platform AWS's own security controls to control access to an instance of different IP addresses, while 10% used host-based firewalls.

The enterprise has insufficient knowledge of cloud security controls. 33% of companies plan to deploy cloud business applications for the next 12-24 months, but are not sure which tools to use to manage the network security policies in their cloud.

Data and network security are the biggest challenges to migrating to a public cloud environment. Network security is the second most complex function after data security migration to the public cloud environment, which is the most complex for small and medium-sized enterprises.

Responsibility for cloud security is dispersed. In small and medium enterprises, the security of business applications running in the public cloud environment is primarily the responsibility of the IT operations department. The enterprise plans to transition responsibility to the information Security department in the future. In large enterprises, the responsibility is now in the information Security Department.