Executives regret hasty cloud investments as risk, security issues pile up

With NDB now law and GDPR looming, 71 percent of executives believe business risk was not taken seriously enough during cloud migration

Enthusiasm about cloud-driven transformation has led many executives to make decisions about cloud migrations that they have come to regret, according to new research highlighting the dangers involved in rushing towards the cloud without adequate risk protection.

Fully 97 percent of 204 Australian C-level executives responding to an AMR-Rackspace survey said they would have made different strategic decisions during their first cloud migration, with 62 percent saying they should have sought more information during the process.

Just 16 percent said they were very satisfied with the communication of cloud capabilities, adherence to project timelines or budgets, and the effectiveness in meeting company objectives. And fully 71 percent said that business risks were not addressed seriously enough, suggesting that at least one strategy to address risks was not well developed.

“Cloud migration is complicated,” Rackspace ANZ senior director and general manager Angus Dorney said in a statement. “Setting expectations and addressing risks upfront is critical, especially as enterprises have so much to gain with a well-executed cloud migration strategy. The executive team must be satisfied with the outcome of cloud migration, or the business will be unable to reap the many benefits of this process.”

Lack of information about cloud deployments has long been a problem for business adopters of the technology – particularly as the recently introduced notifiable data breaches (NDB) scheme and upcoming EU general data protection regulation (GDPR) tighten the compliance screws on executives who now find themselves needing to vouch for the integrity of risk controls that may well be immature or absent.

Fully 88 percent of respondents to the recent Gemalto 2018 Global Cloud Data Security study said that GDPR compliance will require changes in cloud governance, even as just 54 percent of respondents said they were either very confident or confident that the IT organisation knows all cloud-computing applications, platforms or infrastructure services in use.

These results reflected the persisting disconnect between security and cloud strategy, with warnings that IT security “may be losing its relevance in determining cloud security strategies” – despite adoption surging to the point where 51 percent of all IT and data processing requirements would be in the cloud within two years, up from 39 percent now.

“Despite the fact that Australia is an early adopter of cloud and do have policies and practices in place, the perception among employees is that they are not proactive in managing compliance and data security,” Gemalto ANZ regional director Graeme Pyper told CSO Australia.

“There is a need to have more due diligence on some of the newer, startup applications that we see in the cloud. Those are the applications that we need to be understanding more from a security perspective, so we can say hand on heart that it ticks the boxes for business and security as well.”

Cloud providers have been working to bolster the security credentials of their cloud offerings: Dimension Data’s Protected Government Cloud service, for one, was recently certified for use with PROTECTED level information – joining similar platforms from Macquarie Government, Sliced Tech, and Vault Systems. McAfee this month extended its Cloud Security Platform to protect Microsoft Azure using the fruits of its acquisition of SkyHigh Networks, while Dome9 added a GDPR Readiness Bundle to its cloud compliance engine.

A new Barracuda Networks global survey of over 600 IT security professionals found that 93 percent had faced challenges integrating security into application development processes – the coalface of cloud development efforts – with 67 percent saying they had encountered limitations with existing security solutions and 48 percent saying that security processes had been a bottleneck.

“We’re continuing to see questions and concerns around how organisations should approach security with their cloud deployments, especially from larger companies,” Tim Jefferson, Barracuda VP public cloud, said in a statement. “While there are a number of reasons for this, moving to the cloud requires a new way of thinking about security for organisations that are used to operating under traditional data centre architecture.”
