Everyone talks about the issue of security in the cloud, but the problem is far more complicated than it first appears. More than just a simple matter of protecting data, it may also be about protecting security jobs.
+ Also on Network World: Cloud security: A mismatch for existing security processes and technology +
This inherent contradiction was apparent in the results of a recent survey of 140 attendees at the Microsoft Ignite 2016 conference last month. Performed by Lieberman Software Corporation, the survey addressed how IT security professionals felt about the changes in the technology and how it affected their jobs.
Where do you store sensitive data?
One key finding was that 73 percent of respondents choose to keep sensitive data on their own network rather than in the cloud. That might suggest that they felt the cloud was less secure than their own servers, but that may not be what’s really going on here.
It seems many traditional IT security experts felt challenged by the changes in their industry and didn’t much like having to do things in new ways. Almost half of respondents (43 percent) said they found it “difficult to secure data in the cloud.” That’s not the same as the cloud being less secure, and it doesn’t address whether or not securing data in the cloud was inherently easier or more difficult, just that they had more trouble with it.
Do security pros have a double standard?
That perceived difficulty could be why a similar percentage reported that they themselves didn’t apply the same security standards in the cloud. The survey revealed that 43 percent of respondents do not change their credentials in the cloud as frequently as they do on premises. Now, if you want to blame the cloud for this potential security violation, go ahead. But it seems to me that’s a user issue, not a cloud issue.
The real problem, perhaps, is that an overwhelming 90 percent of survey respondents said the cloud is forcing them to learn new skills. They didn’t say whether this is a good thing or a bad thing, but it’s likely the reason behind their reluctance to treat cloud security with the same level of engagement they use in on-premise situations.
But for about a third of respondents, the issue goes much deeper. It’s not just about personal preference, it’s an existential question. According to the survey, 33 percent said they think the cloud will be the end of the traditional IT security team.
An existential threat to IT security jobs?
If that percentage is truly representative, it says a lot about the concerns we often hear about cloud security. Consciously or unconsciously, a new technology that threatens the very existence of your job is not likely to inspire warm, fuzzy feelings in the people who have to work with it.
That doesn’t mean that there are no security issues in the cloud. But it does make it harder for security professionals to impartially assess those risks.