Software Integrity Blog
Survey: Data management is an afterthought in cloud migration
Moving virtualized workloads to the cloud is either a reality or a near-term goal for an overwhelming majority—90%—of 170 organizations surveyed during July and August by Druva, a cloud data management and security company.
But the forecast for the security and management of company data in that setting is, well, cloudy at best. The survey found that more than half of the respondents using the cloud are at risk of losing their data and of being out of compliance because of poorly implemented data management policies following a cloud migration—54% said they have no visibility into how data management policies are being applied and enforced, or even whether they’re being applied and enforced at all.
Among other findings:
- 73% of respondents are overreliant on processes prone to error or are operating with uncertainty about the status of their data.
- 55% don’t have a plan to centralize data protection across multicloud or hybrid cloud environments.
“The result is a critical gap in visibility into data in the cloud, which can increase risk to data infractions and compliance—such as not purging data in time, per retention and compliance regulations,” Druva said in a press release.
Low visibility leads to higher costs
The company obviously is not trying to discourage cloud migration—that is, after all, its business. Dave Packer, Druva’s vice president of products and alliances, said the benefits of moving to the cloud are “huge,” but noted that cutting costs isn’t always one of them.
One of the survey findings was that 53% of participants had not yet reduced costs by moving to the cloud.
“The visibility and data management requirements are higher to ensure organizations realize cost savings, which is why more than 53% of respondents are still struggling to hit that target,” Druva said.
Indeed, respondents said cost was not one of their primary drivers in moving to the cloud. The survey found that the top three were disaster recovery, ease of management, and archival in the cloud.
Still, it’s pretty much a guarantee that nobody is moving their workloads to the cloud in hopes of increasing costs. But that’s exactly what could happen if security and data management aren’t part of the planning, process, and maintenance of doing so.
Loss of data, breaches, and compliance failures could be costly both in raw financial terms and to brand reputation.
There are ways to help you avoid all that, however.
How to do cloud security right
Steven Cohen, product marketing manager at Synopsys, said there are a number of things organizations should do, based on the fact that “server workloads have fundamentally different protection requirements, especially in public clouds.”
“Most server workloads are restricted to a well-defined set of activities,” he said. “In VM environments, this is typically one application per VM. In container-type environments, this can be down to a single process or application service.”
“The increasing adoption of containers complicates workload protection strategies,” he added.
The list of security measures for VM workloads in the cloud includes:
- Employ systematic workload reprovisioning (SWR)—an emerging tactic for protection from advanced threats. “The premise is simple,” Cohen said. “Assume your systems are compromised and you can’t detect it. Thus, workloads (OS and application stack) are systematically regenerated from a known good and patched state using scripts and templates, even if the workload ostensibly appears to be healthy.”
- Employ software-defined segmentation, also referred to as “microsegmentation,” which provides finer-grained isolation and, in some cases, segmentation firewalling and inspection policies to workloads.
- Scan workloads for vulnerabilities both before release into production and while they’re in production.
- Encrypt data at rest in workloads running in public cloud IaaS (infrastructure-as-a-service), as it provides simple but effective protection of data for a limited set of threat scenarios.
- Use the best providers. The automation and programmatic infrastructure of leading IaaS providers enables enterprises to improve the security protection of public cloud workloads significantly. If the organization follows best practices, the data can be more secure than it would be in traditional data centers.
- Integrate application security testing and other vulnerability scanning capabilities into the deployment cycle, including scanning containers if they are used.
- Consider these statistics, which should lead to you to employ the best tools available. Through 2020, workloads that exploit public cloud IaaS capabilities to improve security protection will suffer at least 60% fewer security incidents than those in traditional data centers; 95% of cloud security failures will be the customer’s fault; and 99% of vulnerabilities exploited will continue to be those that have been known to security and IT professionals for at least one year.
Besides that, Cohen said, it is critical that organizations maintain tight control over their data in the cloud. “Left uncontrolled, cloud environments inevitably spin into unmanageable complexity and have unique security needs that legacy security protection solutions do not address,” he said.
