Enterprises have faced several challenges in the last few years. From supply chain issues to a pandemic that forced hundreds of millions to work from home, the ability of a business to be resilient and bounce back in unprecedented times became paramount.
IT teams and CISOs everywhere worked overtime to establish systems that could facilitate and expand organisational networks, catering to a now-global remote working environment. Cyber-attacks surged as malicious actors capitalised on the newly expanded attack surface, and the need for digital resilience became even more important.
To compete, enterprises needed to meet multiple high standards at the same time. Simply remaining operational was not enough; successful enterprises had to be adaptable enough to continually offer high-quality, competitive services despite spikes in network traffic, and to keep operations and business data secure against potentially debilitating cyber threats.
Research indicates concerning dissatisfaction with service level agreements
As a result, many enterprises turned to the cloud, and many more are considering further migration of apps and services after experiencing initial success. However, while the cloud offers seamless scaling, remote collaboration and data sharing, recent research undertaken by A10 Networks found that 47% of enterprises considered their cloud service providers to be failing to meet service level agreements (SLAs). This number is even higher for UK respondents, with just over half saying their cloud service providers are not fulfilling SLAs. These agreements are critical to managing, mitigating and reducing both cyber and compliance risks.
The level of dissatisfaction varies across different sectors. Respondents from healthcare and government enterprises were the most unhappy, which is perhaps unsurprising when we consider that these sectors are highly regulated and store a large amount of personally identifiable information. They are also among the most hesitant cloud adopters, with our research finding that healthcare organisations have the highest percentage of their environment stored on-premises, with 24%, and that government enterprises are most likely to use SaaS, with an average of 26% of their environment on these platforms.
This again reiterates a strong desire from these sectors to maintain control over their data security, and an apparent distrust of cloud to deliver the robust security warranted.
The ever-evolving threat landscape can make cloud deployment a concern for any C-Suite. Therefore, as enterprises move from on-premises environments to keep pace with operational and end-user demands, what can they do to ensure robust security?
Understanding the shared responsibility model
Although digital transformation was well underway before COVID-19, the push towards remote working led many businesses to dramatically increase the rate or scale of their cloud adoption plans. This operational urgency to provide for such a large remote workforce meant that cybersecurity was more of an afterthought.
For those who have embraced cloud computing, a misunderstanding of the shared responsibility model can breed tension between service providers and their customers.
To achieve the many benefits of cloud, enterprises and cloud service providers alike must mitigate these misunderstandings. Cloud service providers will offer limited security services, with premium rates on more extensive offerings. This means that without a clear understanding of a provider’s SLAs, organisations could not only risk gaps in their cloud security, but also unforeseen costs as the business and its data grows.
Therefore, any investment in the cloud should be well-considered, and the security offerings of a particular vendor or cloud model must be mutually understood to prevent the customer overspending or leaving gaps in their cybersecurity strategy.
By truly understanding the service level agreements of a cloud service provider, enterprises can ensure that the joint responsibility of securing data, applications and processes is maintained, allowing IT teams to create a comprehensive cybersecurity strategy.
Of course, as the cyber threat landscape grows more sophisticated. Despite a cloud service providers’ security offerings, enterprises can reduce cybersecurity anxieties and mitigate cyber risk by implementing an internal security strategy to encourage a culture of cybersecurity across all levels of the organisation.