Cloud Security Study
Managing Firewall Risks in the Cloud
Survey of U.S. IT & IT Security Practitioners
Independently conducted by Ponemon Institute LLC
Published November, 2011
Part 1. Introduction
Ponemon Institute is pleased to present the results of Managing Firewall Risks in the Cloud. Sponsored by Dome9 Security, this research was conducted to determine the challenges organizations face when managing access and securing firewalls and ports in their cloud environments. We believe this is the first study to look at the risk to cloud security because of unsecured ports and firewalls.
Imagine this. Can this happen to your organization?
After configuring a cloud server firewall, a systems administrator inadvertently locks out your organization's access to a cloud server, thereby preventing it from processing a mission critical application.
In order to access cloud servers, your organization leaves administrative server ports (such as SSH or Remote Desktop) open. These open ports expose the organization to increased hacker attacks and serious security exploits.
The study surveyed 682 IT and IT security practitioners (hereafter referred to as IT practitioners) in the United States. On average, respondents have more than 10 years of IT or IT security experience. Only IT practitioners working in organizations that use hosted or cloud servers (dedicated or virtual private server) completed the survey. The majority of respondents report that their organizations use both public clouds and hybrid (semi-public) clouds. Forty percent are employed by organizations with a worldwide headcount of more than 5,000.
Our research shows that the majority of respondents (68 percent) say their organizations use public cloud services. The most commonly cited service providers are listed in Bar Chart 1.
Bar Chart 1. The major public cloud service providers used by respondents' organizations
More than one choice is permitted
According to the majority of these respondents (52 percent), the state of cloud server security management is either fair or poor, and 21 percent had no comment. This concern can be partly attributed to the finding that 42 percent fear that they would most likely not know if their organizations’ applications or data were compromised by a security exploit or data breach involving an open port on a cloud server.
The topics addressed in this study include:
• Perceptions about organizations’ ability to mitigate the risk to their cloud servers
• Barriers to efficiently managing security in the cloud server
• Responsibility for managing cloud security risks
• The risk of open ports in a cloud environment
• The importance of certain features to securing the cloud server
The next section reports the key findings of our independently conducted survey research. The results provide strong evidence that organizations’ cloud servers are vulnerable, most IT personnel do not understand the risk and it is a challenge to secure access to and generate reports for cloud servers.