Migration to Infrastructure-as-a-Service Is Putting Businesses at Risk
A recent report by Cloud Security Alliance and Skyhigh Networks predicts that most enterprise custom apps will reside in the public cloud by the end of 2017, as industry-wide migration to infrastructure-as-a-service (IaaS) gains traction. However, this movement is helping to construct a new variant of shadow IT, according to SecurityWeek.
Shadow IT and Security Challenges
The Skyhigh Networks survey, which included 314 respondents, indicates businesses are steering away from the current method of running custom internal apps on locally operated data centers and increasingly using the public cloud instead. Although IT departments may be aware of this, the security teams are essentially in the dark, according to SecurityWeek. In fact, the survey shows only 38.4 percent of the apps known to IT administrators are visible to security teams.
However, it is possible this type of shadow IT is occurring because app developers are making the assumption that the IaaS security resources offered by major cloud providers like Amazon Web Services (AWS) and Azure are superior to the security available at their local data center, the source notes.
To complicate matters, as SecurityWeek highlights, a cloud environment implies shared responsibility: The customer remains responsible for the data they store and the apps they create in the cloud. Therefore, security teams need to remain in the loop in order for businesses to protect their data and, in turn, mitigate shadow IT risks.
“The security of custom applications has not been a focus in many organizations,” Nigel Hawthorn, Skyhigh’s chief European spokesperson, told SecurityWeek, “but every company is now a software company.” He goes on to note that 92 percent of organizations write custom apps, and enterprises will be running an average of 500 apps this year.
“Moreover, 72 percent of companies have a bespoke critical app running today that is essential to operations,” Hawthorn told the source. “When these workloads are targeted by a cyberattack or fall victim to a mistake, the downtime will cost a business dearly. It’s no surprise that application innovation is ahead of security, but with an average of 285 custom apps running that are unknown to IT security teams, companies must ensure that IT security is part of the custom app development process.”
Simply put, this scenario creates serious challenges for businesses, as unprotected apps put sensitive information at risk. And with more and more businesses heading to the public cloud for their IaaS deployments, the risks are likely to go nowhere but up.