Skip to content
Security Operations

How Cloud Evangelists Face — and Overcome — Cloud-Computing Security Challenges

By Gunter Ollmann, CSO, Devo

June 30, 2021

[wtr-time]

This is the third in a series of posts examining the recent Devo research report, Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits, which is based on a survey conducted by Enterprise Strategy Group (ESG).

The first post provided an overview of the report while the second delved into whether we have reached the tipping point for cloud proliferation.

This time, we’ll take a look at the cloud-computing security challenges Cloud Evangelists face. Let’s begin by explaining how we define that group. According to the report, Cloud Evangelists are organizations that have adopted cloud computing for both business applications/workloads and cloud security. In general, these organizations are at the forefront of realizing the many benefits of cloud computing and cloud security.

But their focus on obtaining the full benefits of cloud computing does present some challenges for Cloud Evangelists to overcome:

  • 29% of Cloud Evangelists believe public cloud computing has made their IT and security operations more complex. What’s more, nearly one-third said that their adoption of cloud computing has exposed limitations in their organization’s ability to provide complete security visibility. And nearly one-third of respondents also reported that moving to the cloud exposed limitations in their existing security toolsets.
  • Nearly 40% of Cloud Evangelists also said that they’ve seen an increase in security data for analysis, and 30% said that cloud computing has caused them to evaluate specialized cloud security technologies.

So, is cloud security worth the effort?
At this point, you might be thinking that moving business activities and security to the cloud is not a great idea. But that is far from the case. In fact, the opposite is true.

It’s fair to say that many of the complexities Cloud Evangelists face with IT and security operations in hybrid environments can be associated with the comparative gap in security visibility and management capabilities between cloud-native and legacy on-premises tools.

Cloud security tools have advanced (and continue to do so) at a much faster pace than their on-premises counterparts. That gap is adding new frictions that require complex — and less than ideal — workarounds for those attempting to elevate legacy tools to the newly preferred operational model.

Ultimately, Cloud Evangelist organizations have discovered that relying on the cloud for business applications and workloads, as well as security, is very much worth the effort and will deliver tangible benefits.

To realize these benefits, Cloud Evangelists have to take more decisive actions around security, which lead to better outcomes for the business. For example, nearly 70% of Cloud Evangelists in the survey reported that “public cloud computing has had a significantly positive impact on the business.” Further, more than 60% said it also “had a positive impact on the pace of adopting new technologies.”

What about organizations that resist the shift?
In contrast, respondents from organizations that haven’t adopted cloud computing and cloud security are missing out on the many benefits inherent in the cloud. For example, less than half of Cloud Adopters — defined as organizations adopting cloud computing for business apps/workloads but less so for security — and Cloud Antagonists — organizations not aggressively adopting cloud computing for any use cases — reported they experienced positive business outcomes.

The next post in the series will cover best practices for moving your security technologies to the cloud. But if you can’t wait, you can download the full report, Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits, now.

More Data. More Clarity. More Confidence.