Posted by Taylor Armerding on Monday, August 27th, 2018
Moving virtualized workloads to the cloud is either a reality or a near-term goal for an overwhelming majority—90%—of 170 organizations surveyed during July and August by Druva, a cloud data management and security company.
But the forecast for the security and management of company data in that setting is, well, cloudy at best. The survey found that more than half of the respondents using the cloud are at risk of losing their data and of being out of compliance because of poorly implemented data management policies following a cloud migration—54% said they have no visibility into how data management policies are being applied and enforced, or even whether they’re being applied and enforced at all.
Among other findings:
“The result is a critical gap in visibility into data in the cloud, which can increase risk to data infractions and compliance—such as not purging data in time, per retention and compliance regulations,” Druva said in a press release.
The company obviously is not trying to discourage cloud migration—that is, after all, its business. Dave Packer, Druva’s vice president of products and alliances, said the benefits of moving to the cloud are “huge,” but noted that cutting costs isn’t always one of them.
One of the survey findings was that 53% of participants had not yet reduced costs by moving to the cloud.
“The visibility and data management requirements are higher to ensure organizations realize cost savings, which is why more than 53% of respondents are still struggling to hit that target,” Druva said.
Indeed, respondents said cost was not one of their primary drivers in moving to the cloud. The survey found that the top three were disaster recovery, ease of management, and archival in the cloud.
Still, it’s pretty much a guarantee that nobody is moving their workloads to the cloud in hopes of increasing costs. But that’s exactly what could happen if security and data management aren’t part of the planning, process, and maintenance of doing so.
Loss of data, breaches, and compliance failures could be costly both in raw financial terms and to brand reputation.
There are ways to help you avoid all that, however.
Steven Cohen, product marketing manager at Synopsys, said there are a number of things organizations should do, based on the fact that “server workloads have fundamentally different protection requirements, especially in public clouds.”
“Most server workloads are restricted to a well-defined set of activities,” he said. “In VM environments, this is typically one application per VM. In container-type environments, this can be down to a single process or application service.”
“The increasing adoption of containers complicates workload protection strategies,” he added.
The list of security measures for VM workloads in the cloud includes:
Besides that, Cohen said, it is critical that organizations maintain tight control over their data in the cloud. “Left uncontrolled, cloud environments inevitably spin into unmanageable complexity and have unique security needs that legacy security protection solutions do not address,” he said.
Get the latest AppSec news and trends sent directly to you.