More shared responsibility confusion among cloud hoppers, Barracuda notes

Another day, another research study which reveals the benefits of the public cloud tinged with security concerns.

This time, a report from Barracuda Networks has shown that while respondents – 300 IT decision makers from companies across the US – expect the percentage of their infrastructure in the public cloud to almost double in five years, three quarters (74%) say security concerns restrict their organisations’ migration.

Yet perhaps the most worrying aspect of the research was around confusion with regard to the shared responsibility model of cloud computing. More than three quarters (77%) of those polled say public cloud providers are responsible for securing customer data in the cloud, while 68% believed vendors are responsible for securing customer applications as well.

This is not the first time this publication – or indeed, Barracuda – has noted the disparity. Back in July, a report from the company found similar misgivings. It’s worth repeating again what Amazon Web Services (AWS) and Microsoft, the two leading companies in the space, have to say on it.

AWS describes the relationship between vendor and customer as being responsible for security ‘of’ the cloud – compute, storage, networking, and so forth – and ‘in’ the cloud, such as customer data, applications, and identity and access management, respectively. For Microsoft, it’s a question of differentiating between software, infrastructure, and platform as a service. SaaS has more responsibility for the provider, going down through PaaS, IaaS and eventually on-prem which is of course entirely the customer’s responsibility – but with data classification always the responsibility of the user.

Here, the issues do not appear to have changed, with Barracuda making a series of recommendations to organisations. First, partner with third-party security vendors who support a wide range of ecosystems for a multi-cloud scenario – a situation Skytap, who this publication recently featured, affirmed – as well as look for vendors that provide a common management scheme. Naturally, Barracuda is adept at each of these scenarios.

“This survey confirms what we are hearing from customers and partners – security remains a key concern for organisations evaluating public cloud, and there’s confusion over where their part of the shared responsibility model begins and ends,” said Tim Jefferson, Barracuda vice president public cloud in a statement.

“Many organisations realise that cloud deployments can be inherently more secure than on-premises deployments because cloud providers are collectively investing more into security controls than they could on their own,” added Jefferson. “However, the organisations benefiting most from public cloud are those that understand that their public cloud provider is not responsible for securing data or applications and are augmenting security with support from third-party vendors.”