EDITOR’S QUESTION
WHAT ARE THE
CYBERSECURITY
IMPLICATIONS FOR
BUSINESSES AND
ORGANISATIONS
USING THE PUBLIC
CLOUD?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
A
new study has revealed that there
appears to be misperception
and contradiction about who is
responsible for cybersecurity within the
public cloud. In the newly published cloud
security study commissioned by Palo Alto
Networks, a global leader in cybersecurity,
nearly a third of respondents incorrectly
believe that the cloud service provider
has primary responsibility for securing
their organisation’s data within a public
cloud infrastructure.
However, while the shared responsibility
model makes service providers responsible
for their cloud infrastructure, organisations
are wholly responsible for securing their own
data and applications. Key findings include:
• A high majority (83%) of cybersecurity
professionals expressed complete
confidence in their cloud service provider
securing the infrastructure
• However, only 51% of respondents
claim full awareness of the shared
responsibility model
• One in 10 respondents incorrectly
believes that the shared responsibility
24
INTELLIGENTCIO
model refers to multiple cloud providers
sharing security responsibilities
While there is misunderstanding about the
responsibilities for data and infrastructure
security in the cloud, there is little hesitance by
organisations about operating multiple cloud
service provider environments simultaneously.
On average, most reported that their
organisation used two cloud providers and
almost 44% use three or more.
Separate findings reveal that cybersecurity
professionals do want more scrutiny over
cloud service providers security capabilities.
However, more than half (52%) say their
organisation hasn’t carried out enough
due diligence around cybersecurity
requirements when picking a cloud
provider, suggesting that security may not
be scrutinised appropriately as projects
are scoped.
Greg Day, VP and CSO, EMEA, Palo Alto
Networks, said: “Our survey shines a light
on a telling anomaly – cybersecurity
professionals have high confidence in cloud
service providers but are still not crystal clear
about their own responsibilities for their data
and application security.
“Cybersecurity teams cannot assume
that the security offered by public cloud
vendors provides consistent and holistic
enough protection.
“Today we see only just over one in 10
cybersecurity professionals saying they have
the capability to maintain consistent security
policies across their entire IT space including
typically multiple clouds; a situation that
must significantly improve.”
Palo Alto Networks’ research into cloud
security has also found that a lot of
cybersecurity professionals at organisations
using DevOps practices in the public cloud
believe that their organisations are trading
speed for security.
The study revealed that 72% of
cybersecurity professionals indicated that
the speed of public cloud adoption was
introducing preventable security risks to
software updates.
www.intelligentcio.com