Cloud apps
More than 80% experienced outages as a result of out-of-process changes. Nearly two-thirds of respondents report that manual processes limit security visibility and poor change-management practices are the biggest network security challenges.
One in five said they have more than 500 applications. Three out of five respondents said their data center includes more than 50 critical business applications.
Only 15% rely on cloud hosting for the majority of their applications. Three-quarters of organizations are using cloud hosting to some degree, but three out of five still worry about availability and security.
59% noted a lack of operational workflows to manage network security in a hybrid environment. Nearly one in five respondents said that aligning priorities and plans between development, security and operations teams was their greatest challenge.
Many cloud service providers don’t provide any compliance visibility. A full 49% said demonstrating compliance using infrastructure-as-a-service (IaaS) platforms is difficult.
Enabling connectivity drove more than 40% of all firewall rule changes for the majority of organizations. Almost one in five organizations (18%) reported that the details of ensuring business application connectivity posed the greatest challenge.
25% rely on cloud service provider controls. Only 33% use commercial network firewalls to protect access to their data in the cloud.
A third of companies that are planning to deploy business applications in the cloud within the next 12 to 24 months do not know which security tools they will use.
At large companies, the responsibility is in the hands of information security teams (72%). At small and midsize companies, security for business applications running in public clouds is handled mostly by IT operations (70%).
The threat from within is potentially more lethal than any external threat. Nearly three-quarters of organizations rated accidental data leakage or malicious behavior by insiders as their No. 1 risk.
Half of respondents who outsource the management of security controls or sensitive information were less than confident in their providers’ ability to give protection. This has serious implications for the channel.