Share

Related Stories

  • CISOs' Role Becoming More Strategic, But there Are Growing Pains
    As emerging technologies like cloud adoption and mobile computing present new opportunities to organizations, it follows that the risk to data grows as more access to it opens up. Coupled with sophisticated and advanced threats from attackers, the role of the CISO is becoming more strategic within many organizations, according to the 2013 IBM Chief Information Security Officer Assessment.
  • Cloud Security Revenue Set to Skyrocket
    Faced with the opportunity to trade in capex for set monthly fees and a way to lower administration overhead, many resource-strapped IT departments are embracing cloud services for mission-critical functions; and cybersecurity is no exception.
  • UK Cybersecurity Skills Gap Persists – Especially for Cloud
    The cybersecurity skills gap in the UK continues to be an issue, despite there being a critical need in government and the private sector alike for a skilled security workforce. The jobs are there – but the staff isn’t – particularly when it comes to next-generation environments like the cloud.
  • Companies Unaware of the Data Loss Risk in Virtual Storage
    Gaps between the perception of cyber-risk (or cyber-safety) and the reality of a given situation seem to persist despite high-profile discussions of emerging threats. The latest concern revolves around storing data in the cloud or virtualized environment: Research reveals that 80% of companies believe that storing data in that way decreases or simply does not impact their organization’s chance of data loss. Yet, two in five companies leveraging virtual storage experienced data loss from these types of infrastructure-as-a-service (IaaS) environments in the last year.
  • The Five Personas of Cloud Adoption
    It is no longer enough to say that business comprises those who have adopted cloud technology and those who will adopt cloud technology. New research from NTT Com Security (erstwhile Integralis) describes five separate personas in attitude to cloud; although they still range from those that have yet to adopt to those that have totally embraced the new technology.

Top 5 Stories

News

Cloud Migration Introduces Gaping Risk, and Little Management

30 October 2013

Migration to the cloud continues apace as businesses look to outsource applications to reduce cost and management overhead. But while businesses worldwide mull the move from physical infrastructure to private, public or hybrid clouds, more than two-thirds of organizations are encountering application connectivity disruptions or outages during data center migration projects.

And while IT organizations want to know what their risks are from the business perspective, most network vulnerability management systems do not offer that view.

“Critical business applications fuel today’s data centers, but security teams lack visibility on how security activities impact the business,” said Nimmy Reichenberg, vice president of marketing and business development at AlgoSec, which released the findings as part of its “Examining the Impact of Security Management on the Business” report.

Reichenberg added, “As a result, provisioning connectivity for data center applications is time-consuming, severely hampering business agility and increasing the risk of business disruptions and security breaches caused by errors in firewall configuration… and as our study shows, these challenges are magnified when migrating applications or entire data centers to the cloud.”

Also, whether it’s connectivity changes, outdated software, device misconfigurations or other factors, the vulnerabilities associated with business applications abound. Given the choice, nearly half of respondents in the survey (48%) want to view risk by business application; 30% want to see their exposure by network segment and 22% by server or device. With this type of visibility, security teams can more effectively communicate with business owners and enable them to “own the risk,” the report found.

But right now, most don’t have that capability. And as a result, the study found that cloud migration does not necessarily save labor time. For instance, firewall audits require increased man-hours – 74% of respondents said they spend more than one man-week on firewall audits per year and more than 46% spend more than two man-weeks per year on it, taking resources and time away from more strategic and valuable efforts of the business.

Also, half of the respondents said that they require more than five weeks to deploy a new data center application, while 25% require more than 11 weeks. That becomes significant when one considers the volume of cloud usage. More than 32% of respondents reported having more than 100 critical business applications in their data center, and 19% said they had more than 200 critical applications.

There are also “fast and furious application connectivity updates,” AlgoSec found, but they’re processed slowly. Nearly half of organizations (45%) have to manage more than 11 business application connectivity change requests every week, and 21% must manage more than 20 changes per week. That’s potentially a productivity-killing situation: 59% say it takes more than eight hours to process each application connectivity change request, with 31% saying it takes more than one business day per change.

Despite the significant amount of time spent managing changes, the majority of IT professionals (53%) reported that they have limited visibility into the impact that network security changes have on critical business applications. One in six noted that they have poor or very poor visibility, and another 37% characterized their visibility as only fair.

Further, it turns out that decommissioning data center applications is painful and even risky. When decommissioning applications in their data centers, 59% of respondents said they have to manually identify which firewall rules to change, while 15% leave the unnecessary access rules in place, creating security risks.

The lesson learned here is that businesses need to start prioritizing network vulnerabilities by business application, AlgoSec concluded, in order to introduce more streamlined risk management processes. “The current approach to managing security policies and devices is not in alignment with what the business requires,” reads the report. “In order to improve both security and agility, security professionals must have the visibility to understand the impact of policies on business applications and then be able to communicate with business owners. The rapid growth of critical applications in data centers creates significant challenges as the length of time required to deploy new applications and/or update existing ones impacts the organizational agility and productivity those applications are presumably designed to enhance.”

This article is featured in:
Application Security  •  Business Continuity and Disaster Recovery  •  Cloud Computing  •  Industry News

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×