Nearly 50% of UK IT leaders are exposing their organisation to unnecessary extra cyber-risk because they have failed to upgrade security strategies to take account of their cloud environments, according to new research from Trend Micro commissioned exclusively for CLOUDSEC Online.

The findings come from a three-part report series designed to create a Cloud Security Index which will help IT decision makers see how pervasive adoption is, where the biggest concerns lie, and how security can become a business enabler.

“Lift and shift” is a popular approach for migrating applications to the cloud. However, cybersecurity policy cannot be treated in the same way. Traditional on-premises security like firewalls, network intrusion prevention systems (IPS/IDS) and AV create performance bottlenecks and security gaps when deployed in cloud environments.

However, 47% of respondents admitted that their security model for the cloud has not changed.

“This is particularly concerning as 23% of organisations explained that they’ve already moved partly or fully to a DevOps model in order to drive digital transformation”, said Bharat Mistry, Principal Security Strategist at Trend Micro. “Container, serverless and other emerging technologies require specially designed security capabilities delivered as APIs in order to provide appropriate protection without interrupting development pipelines.”

Despite the large numbers persisting with on-premises security models, many UK organisations are looking for a single platform to provide cloud and on-premises security, the report revealed.

A lack of integration between cloud and on-premises security tooling was cited by a third (33%) as their biggest day-to-day operational headache and 43% argued that this was their biggest barrier to adopting cloud security at all — the most popular answer.

A majority (55%) of IT decision makers also said they want third-party security providers to integrate with multiple platform and application vendors, which will become increasingly important as they expand their use of multi-clouds. A further 54% said they want a security vendor “aligned” to their cloud journey.

The findings come ahead of Trend Micro’s popular CLOUDSEC conference normally held in September, to be held as a series of virtual events this year, coupled with a networking community. CLOUDSEC Online will feature fascinating insights into emerging threat and industry trends via presentations from world-leading experts, ranging right across the cybersecurity spectrum.