This blog is the sixth in our series about a new study, Cloud Data Security by TechTarget’s Enterprise Strategy Group (ESG). The study examined challenges of securing cloud data among 387 IT, cybersecurity, and DevOps professionals who evaluate, purchase, test, deploy, and operate hybrid cloud data security technology products and services at organizations in North America. Normalyze is a co-sponsor of this study. If you’d like to read ESG’s eBook about the entire survey, download a PDF here.
This blog summarizes key points for the survey’s fifth major finding: Data security is a team sport, with security and IT ops taking the lead.
The Emergence of the Cloud Security Architect
The “architect” in information technology has long held a pivotal role in determining infrastructure and solutions used by a large organization. Familiar job titles include IT systems architect, enterprise architect, solutions architect, technical architect, cloud infrastructure architect – and now, the cloud security architect. In ESG’s survey, most organizations (86%) have a cloud security architect (CSA) and most of the rest are actively hiring or establishing this position in the next year or so.
Cloud security has become so important that more than three fourths (79%) of ESG survey respondents say their CSA does or will report to a C-level executive. CSAs therefore have a strategic role as they define security policies for cloud infrastructure, cloud-resident data, DevSecOps, and other areas of responsibility.
Data Security Is a Team Sport, but Cloud Is Driving Consolidation across Disparate Environments
Cloud security architects are the strategic leaders in setting policies for securing cloud-resident data. An extended team of roles also contributes to this process – particularly for the implementation, usage, and management of relevant tools and platforms. Aside from CSAs, survey respondents said the top three roles with capabilities believed to be most effective for protecting cloud-resident sensitive data include data center infrastructure and operations (47%), security (42%), and DevOps (40%).
Other related roles for cloud data security noted by the ESG survey include networking, regulatory compliance, application development, line-of-business/application owners, and, of course, the legal team. The use of a cloud data security platform like Normalyze helps a broad range of stakeholder teams to effectively collaborate and execute the organization’s vision for securing cloud-resident sensitive data.
The unique separation of data security functions for cloud versus legacy on-premises IT appears to be in a state of flux. Like the general trend of consolidating multiple security tools to a few integrated platforms, the ESG survey also reveals a gradual merging of different groups or individuals currently responsible either for cloud or on-premises data security.
According to ESG survey respondents, one in five (17%) organizations have already unified security responsibilities across hybrid cloud environments. A whopping 62% expect to merge these responsibilities, so everyone should prepare for a single organizational thrust towards security of sensitive data. Use of a centralized data security platform like Normalyze will dramatically ease implementation, operations, and effectiveness of an organizationally unified approach.
Our next blog in this series will take a deeper look at ESG’s sixth and last major finding, that organizations are investing in data security, with a third substantially increasing data security’s share of cybersecurity budget. Meanwhile, if you’d like to read all of ESG’s major findings, you can download the eBook.