Enterprises Are Leaving Cloud Security Policies To Chance

Grazed from DarkReading. Author: Ericka Chickowski.

As the lines blur between data center and cloud provider facility, very few organizations are keeping up with policies and technology geared to handle the shift to dynamic data centers, reports a new study out by the SANS Institute last week. The report shows that even at the most basic level, planning is scarce: fewer than a third of organizations have a strategy in place to tailor security requirements to the mix of environments they use.

“Security teams need to do a lot of thinking to keep up with the rapid diversification? of enterprise computing into a variety of private, public, cloud and traditional environments,” says Dave Shackleford, SANS analyst and author of the report. “Teams that are ahead of the game have already developed strategies describing how traditional and cloud computing models fit together, typically outlining what data or other assets can go to which type of external provider and what conditions should be placed on providers of different types or security levels.”...

Commissioned by Illumio, the survey polled over 400 organizations to get the full picture on the state of security in today’s environments. As things stand, over half of organizations surveyed utilize Infrastructure-as-a-Service (IaaS) and almost a third use Platform-as-a-Service. While most of these services operate under a shared responsibility model that requires users to protect environments contained within, the truth is that the amount of security technology used within the cloud remains low compared to similar assets on premise; in most major categories it is half or less...

Read more from the source @ http://www.darkreading.com/enterprises-are-leaving-cloud-security-policies-to-chance/d/d-id/1322709