2nd Watch Cloud Security Survey: Shared Responsibility Model Confuses Cloud Customers

Some IT professionals don’t realize it’s their responsibility to secure data and applications running in the cloud, putting their companies and customers at risk


SEATTLE, Sept. 28, 2017 (GLOBE NEWSWIRE) -- 2nd Watch announces the results of a survey of more than 1,000 enterprise IT professionals. The survey, which ran online this month, focused on the cloud security practices and assumptions of organizations with at least 1,000 employees. A key takeaway was that the majority (73%) of IT professionals don’t fully understand the public cloud shared responsibility model, and many think their cloud providers have more responsibility for securing applications and data than they do.

Security industry standards and compliance is a shared responsibility between cloud service providers, like Amazon Web Services, customers and partners. This model can help relieve a customer’s operational burden, as AWS, for example, operates, manages and controls the components, from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. Simultaneously, a managed services partner leads the responsibility and management of the guest operating system (including updates and security patches), data protection and application software security, and configuration of the AWS-provided security group firewalls.

Judging by the survey, enterprise IT professionals may not be as aware or prepared as they could be when it comes to the AWS shared responsibility policy. Forty percent of respondents believe their applications and data are fully protected by their cloud service provider, while 34% believe security is their own company’s responsibility entirely.

Despite the confusion, enterprise organizations are rapidly migrating data and applications to the public cloud. Sixty percent of survey respondents said they have already or will soon move all their IT infrastructure to the cloud. The survey also found that many enterprise organizations are being proactive when it comes to cloud-based application and data security. Per the survey, enterprises are heavy users of encryption – 55% have encrypted at least half of their internal traffic – and unified security policy management across hybrid deployments is already a reality for more than 50% of large enterprises.

Other promising cloud security findings from the survey include:

  • Nearly half (49%) of respondents said they have a security solution capable of preventing Advanced Persistent Threats that use application files as breach vectors
  • 63% of respondents said they have at least some ability to identify apps or services operating in their public cloud environments
  • 66% of respondents said they have at least some ability to enforce application-level access control policies in their public cloud environments
  • 67% of respondents said they have at least some ability to see or control file movement in application flow in their public cloud environments
  • 67% of respondents said they have at least some ability to block application flow vulnerabilities or malware in their public cloud environments

“Enterprise organizations are moving wholeheartedly to public infrastructure, but many could stand to learn more about the shared responsibility model used by the major public cloud providers,” says Jeff Aden, EVP of Marketing & Strategic Business Development & Co-Founder at 2nd Watch. “Thirty percent of IT pros responding to our survey indicated that their organizations have suffered as many as five serious security attacks in the past year. In order to adequately protect their companies and customers, it’s critical that IT professionals work closely with their cloud providers and partners to fully understand their cloud security responsibilities, and implement a plan that meets their needs.”

About 2nd Watch
2nd Watch is an AWS Premier Consulting Partner in the AWS Partner Network (APN) providing managed cloud to enterprises. The company’s subject matter experts, software-enabled services and cutting-edge solutions provide companies with tested, proven, and trusted solutions, allowing them to fully leverage the power of the cloud. 2nd Watch solutions are high performing, robust, increase operational excellence, decrease time to market, accelerate growth and lower risk. Its patent-pending, proprietary tools automate everyday workload management processes for big data analytics, digital marketing, line-of-business and cloud native workloads. 2nd Watch is a new breed of business which helps enterprises design, deploy and manage cloud solutions and monitors business critical workloads 24x7. 2nd Watch has more than 400 enterprise workloads under its management and more than 200,000 instances in its managed public cloud. The venture-backed company is headquartered in Seattle, Washington. To learn more about 2nd Watch, visit www.2ndwatch.com or call 888-317-7920.

Media contact:
Kevin Wolf
TGPR
(650) 327-1641
kevin@tgprllc.com