The importance of getting security on-board early in cloud projects

It goes without saying that security is a vital part – the most vital part – of cloud projects. But getting security engagement in early will make the whole process easier, from reduced risk of data loss to quicker project delivery.

That is the key finding from a new report by Hurwitz & Associates. The paper, sponsored by Lacework and titled ‘Balancing Velocity and Security in the Cloud’, polled 85 IT leaders from the Americas and Europe and examined the importance of automation in ensuring compliance and predictability in cloud projects, among other issues.

On automation, the paper offers this. “It’s no secret that there is a shortage of security professionals,” the report notes. “It is important that security offerings incorporate automation to allow security teams to address more events and to give junior analysts the ability to handle issues that are typically left for more senior analysts.”

Almost 85% of those polled said they were deploying significant cloud projects, with 35% going cloud first for all projects and 48% saying they were going for selective large projects. More than half (53%) of those polled said the most important characteristic of their cloud was that it was ‘safe and secure’, while the next most popular choice, ‘deliver new services and updates faster’, was selected by only 13% of respondents.

Only two in five (41%) of respondents agreed that their company catches every cyber attack and data breach of its cloud. That said, the researchers argue this figure may be out of kilter. “We suspect that the problem is much more serious than the level of confidence suggests,” the report noted. “It is simply not evident that security leaders are actually identifying all security threats.”

Yet organisations are attempting to improve their security operations. Almost 90% of those polled said their security and cloud operations teams were working closely together, while the same number, when asked on their most important priority before evaluating a cloud solution, inferred security was key before a line of code was written. 45% opted for project planning, compared with 22% for requirements definition, 13% for technology selection and 10% for project review and approval.

For those who get security onside early in a cloud project, the benefits are evident. Almost all (94%) of those polled said early engagement by the security team resulted in a reduced risk of cybercrime and data loss; 42% opted for faster project delivery and others for more predictable schedule (22%) and lower project costs (18%).

What’s more, when it came to key cloud security requirements, containers were certainly on the horizon. “As containers become the backbone of cloud applications, security teams need to track, identify, and manage containers along with monitoring container-to-container traffic within the cloud, not just from and to the cloud,” the report noted.

“The high velocity and scale of public clouds are shattering everything the security industry has assumed for the past 10 years,” said Sanjay Karla, co-founder and chief product officer at Lacework. “The acceleration of cloud adoption is now paving the way for security teams to deploy automated security solutions that naturally augment security teams’ ability to continuously validate their cloud configuration for security and maintain secure daily operations in the cloud.”

You can read the full report here (email required).