The Following is from Greg Day’s post on the Palo Alto Networks Research Center:
When meeting with organizations across EMEA, I often hear them cite concerns about putting security in the cloud. However, in the following discussions, they typically admit that doing just that is inevitable. There’s a mindset change here that needs to be embraced on all sides of the cybersecurity equation.
I’ve worked previously with companies operating on the mantra that change is the only constant, yet cybersecurity experts often perceive change as a loss of control that they have to regain. This is perhaps why 70 percent of cybersecurity professionals across Europe and the Middle East say a rush to the cloud is not taking full account of the security risks, according to a recent survey conducted by Palo Alto Networks.
At the same time, there is increasing pressure from regulation, such as GDPR, to be mindful of what data (specifically PII) is put into the cloud. Unlike databases or other IT systems, the concern is typically around how PII data can be accidentally captured by security tools being used.
With all this in mind, it’s not surprising that the initial idea of moving cybersecurity to the cloud makes many security leaders anxious, just as IT leaders felt when it came to moving their applications.