Adam Greenberg of SC Magazine cites a recent study from the Cloud Security Alliance (CSA) about cloud adoption in financial services firms. The article says:
“In a survey of 102 global participants – less than 50 percent had a solidified cloud strategy – from banking and credit unions, insurance groups, investment firms, and government organizations, ‘security concerns’ were unanimously cited as a reason not to adopt the cloud, according to the study.”
The study also found that the main reasons companies have a strict private-cloud-only policy are: security (86%) and compliance (86%) concerns, privacy (79%), data retention and destruction (79%), and data residency (57%).
Since enterprises lose the visibility and control they have in their private data centers when they move to the public cloud—the bane of infrastructure dependency— security becomes a concern. Public cloud providers control the network and infrastructure, which renders ineffective security strategies that depend on network constructs (e.g., VLANs, subnets, and security zones). This means security teams must evaluate and implement entirely new cloud-specific approaches to secure their applications. At the same time, picking security solutions offered by the cloud providers does not allow portability to other cloud hosting providers. Faced with non-uniform or inadequate security strategies, it is not surprising that security-conscious firms defer or dismiss public cloud considerations.
Keeping Visibility and Control When Moving to the Public Cloud
At Illumio, we have lowered cloud security concerns for our customers by helping them keep the same visibility and control that they enjoy in their private data center in the public cloud. We've decoupled both the specification and implementation of security from the underlying network with an adaptive security approach and policy model that allows rules to be written in natural language. The Illumio Adaptive Security Platform (ASP) includes:
- The ability to visualize interactions between applications workloads anywhere
- Uniform policies for data center and public cloud environment
- Security automation through APIs and DevOps integration
- Ability to automatically adapt to environment or application changes
- Use cases like micro-segmentation, data residency, and encryption of data in motion
Infrastructure may be different with cloud deployments, but the applications we run on these environments are similar to those in data centers. The question then becomes: “Why should security for these applications be different?” Our answer is that it should not be. It is also the reason that financial services firms represent a top customer category for us.