Intelligent CIO Africa Issue 24 | Page 24

EDITOR’S QUESTION WHAT ARE THE CYBERSECURITY IMPLICATIONS FOR BUSINESSES AND ORGANISATIONS USING THE PUBLIC CLOUD? ////////////////////////////////////////////////////////////////////////////////////////////////////////// A new study has revealed that there appears to be misperception and contradiction about who is responsible for cybersecurity within the public cloud. In the newly published cloud security study commissioned by Palo Alto Networks, a global leader in cybersecurity, nearly a third of respondents incorrectly believe that the cloud service provider has primary responsibility for securing their organisation’s data within a public cloud infrastructure. However, while the shared responsibility model makes service providers responsible for their cloud infrastructure, organisations are wholly responsible for securing their own data and applications. Key findings include: • A high majority (83%) of cybersecurity professionals expressed complete confidence in their cloud service provider securing the infrastructure • However, only 51% of respondents claim full awareness of the shared responsibility model • One in 10 respondents incorrectly believes that the shared responsibility 24 INTELLIGENTCIO model refers to multiple cloud providers sharing security responsibilities While there is misunderstanding about the responsibilities for data and infrastructure security in the cloud, there is little hesitance by organisations about operating multiple cloud service provider environments simultaneously. On average, most reported that their organisation used two cloud providers and almost 44% use three or more. Separate findings reveal that cybersecurity professionals do want more scrutiny over cloud service providers security capabilities. However, more than half (52%) say their organisation hasn’t carried out enough due diligence around cybersecurity requirements when picking a cloud provider, suggesting that security may not be scrutinised appropriately as projects are scoped. Greg Day, VP and CSO, EMEA, Palo Alto Networks, said: “Our survey shines a light on a telling anomaly – cybersecurity professionals have high confidence in cloud service providers but are still not crystal clear about their own responsibilities for their data and application security. “Cybersecurity teams cannot assume that the security offered by public cloud vendors provides consistent and holistic enough protection. “Today we see only just over one in 10 cybersecurity professionals saying they have the capability to maintain consistent security policies across their entire IT space including typically multiple clouds; a situation that must significantly improve.” Palo Alto Networks’ research into cloud security has also found that a lot of cybersecurity professionals at organisations using DevOps practices in the public cloud believe that their organisations are trading speed for security. The study revealed that 72% of cybersecurity professionals indicated that the speed of public cloud adoption was introducing preventable security risks to software updates. www.intelligentcio.com