Cloud services are becoming practically ubiquitous – but according to the latest study from McAfee, one in four organisations who use the public cloud has had their data stolen.

The findings appear in ‘Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security’, a report which surveyed more than 1,400 IT professionals around security concerns with private and public cloud services.

Usage numbers are as strong as one would expect – except for one. 97% of respondents said they were using cloud services of some form, while more than four in five (83%) say they store sensitive data in the public cloud. Yet while two thirds (65%) said they had a cloud-first strategy, this was down from last year’s ranking of 83%. McAfee puts this down to caution on the part of certain companies – but added that ‘the more they know, the more confident IT professionals are that cloud-first is the course they want to be on.’

A quarter of firms polled who use IaaS, PaaS or SaaS said they have had data stolen, while one in five has experienced an advanced attack against its public cloud infrastructure. This is particularly serious given the various types of sensitive data stored. 61% of firms polled said they stored personal customer information, while 30% store intellectual property and healthcare records.

With GDPR just around the corner – only a month away – organisations reported a significant increase in their compliance efforts. Fewer than 10% of respondents said they were dialling back investment in their cloud provider because of GDPR.

The report gives three best practice tips for organisations looking for greater security gains. Firms should, if they’re not already, explore DevOps and DevSecOps environments – ‘integrating development, quality assurance and security processes within the business unit or application team is crucial to operating at the speed today’s business environment demands’ – as well as invest in a unified management platform across multiple clouds and automation techniques.

“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, McAfee senior vice president. “By implementing security measures that allow organisations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”

You can read the full report here (registration required).

Singapore has overtaken Hong Kong to be the number one cloud-ready Asia Pacific nation, according to the latest report from the Asia Cloud Computing Association (ACCA).

The two regions have swapped places since the previous analysis two years ago, with New Zealand retaining bronze medal position, and Japan and Taiwan overtaking Australia. While the latter has slipped a couple of places in the rankings, ACCA said it was still a ‘strong regional contender’ which performed well in most areas but was ‘weighed down by its relatively poor cloud infrastructure.’

Singapore scored particularly strongly in broadband quality, cybersecurity, regulation and business sophistication while Hong Kong top scored in international connectivity and privacy. A study from SolarWinds published last week found cloud and hybrid IT was the most important technology and management tool for organisations in Hong Kong, albeit with plenty to do – 61% of respondents said their IT environment was not performing at its optimal level.

There was no change in the bottom half of the rankings compared with 2016, with Vietnam, China and India propping up the table.

China’s continued poor ranking comes amidst a series of improvements over recent years. According to IDC in February the country will – apart from Japan – be the biggest public cloud spender in the Asia Pacific region. The continued growth of Alibaba’s cloud operations, as this publication has frequently reported, was also apparent. The eCommerce giant was ranked third in public cloud IaaS by Gartner last year and announced plans for European expansion at this year’s Mobile World Congress.

The ACCA report noted China had made progress across ‘several parameters’, but had struggled in power sustainability and broadband quality, reflecting issues with the logistics in getting country-wide adoption. “The Chinese government continues to devote considerable fiscal resources to the development and improvement of infrastructure, a move that will undoubtedly pay off in the next few years,” the report explained.

For the region overall, the report sends a message of strengthened cloud capabilities, but with a caveat. “The fact that the eight highest ranking economies remain unchanged between the 2014 and 2018 [reports] suggests that the cloud divide may already be deeply entrenched,” ACCA said. “Without further intervention, this divide could widen despite the efforts being made by emerging markets to leverage the smart technologies that enable sustainable digital economies.”

You can read the full report here (pdf).

Cloud technologies are key to Hong Kong businesses according to a new report from SolarWinds – but containers, blockchain and robotics still have a fair way to go yet.

The findings appear in the company’s latest IT trends report, ‘The Intersection of Hype and Performance.’ The research polled 75 IT practitioners, managers and directors in Hong Kong – with the overall research quizzing more than 800 respondents across four continents – and found cloud and hybrid IT was the most important technology and management tool for organisations’ strategy today, cited by 92% of those polled.

Big data and analytics, cited by 77% of respondents, was also a key tool, ahead of automation (71%), software-defined everything (SDx) (52%), and the Internet of Things (51%). Containers scored 29%, while blockchain (11%) and robotics (9%) fared poorly.

Worryingly, 61% said their IT environment was not performing at its optimal level, compared with only 19% who said it was. In something of an anomaly, 38% of mid-sized businesses said their IT was at optimal level, compared with only 11% for SMBs and enterprises respectively.

Cloud ranked highly in the vast majority of questions asked. Almost half (49%) of overall respondents said it had the best potential to deliver highest ROI, alongside big data (49%) and automation (47%). 52% of overall respondents – rising to 67% for smaller businesses – said cloud had the greatest potential to deliver further productivity, while 73% identified it as a ‘transformational’ technology, albeit behind big data analytics (85%).

The report notes the importance of automation as forming the next generation of cloud services – a trend this publication has reported on frequently this year. “Where the C-suite considers AI, ML, and deep learning to be fundamental elements of digital transformation, IT professionals are looking toward the technology and processes that underpin continuous integration and delivery – which ultimately enable enhanced performance and digital experience in today’s environments,” the report explains.

Hong Kong is one of the most advanced cloud nations, hitting top spot in the most recent analysis from the Asia Cloud Computing Association (ACCA). The region was praised specifically for its ‘tradition of robust future planning and a strong tech industry… ensuring [its] infrastructure is primed for fast, reliable and secure cloud offerings targeting the entire region.’

“In 2018 more than ever, IT professionals have an opportunity to continue identifying ways to optimise the digital experience for end users in hybrid IT environments while prioritising investments in technologies that will deliver business value visible well beyond IT,” the report concludes. “IT must also be the convening voice in business discussions, showcasing the ongoing value of IT professionals as the partners to the business, supplying expertise and experience on the technologies that will enable the business to deliver digital transformation success.”

You can read the full report here (pdf).

Hybrid cloud and multi-cloud security is becoming top of mind for organisations – but many still persist with best of breed tools for both systems rather than combining into one ‘best of suite’ offering.

That is the key finding following a report from Santa Clara-based Cavirin Systems. The report, which polled more than 350 IT admins, IT decision makers and C-suite executives, found 81% of organisations currently deploy a hybrid or multi-cloud strategy, with 11% only going on-premise and 8% with one cloud provider.

For those who have two or more, Azure, cited by almost half of those polled, was most popular, ahead of IBM (45.8%), Oracle (34.7%), Amazon Web Services (32.3%), and Alibaba (20.7%). 46% said their setup was on-premise with VMs, while the same number cited on-premise with private cloud management.

When it came to what hybrid cloud security meant for those polled, more than two thirds (68.9%) said it meant verification their public account was secure and confirmation that workloads in the cloud, such as VMs and container instances, were secure. More than half (52.6%) said it meant ensuring all sensitive data was out of the cloud.

The most popular form of hybrid cloud security architecture is separate best of breed tools for both on-premise and cloud, cited by more than 60% of respondents. More than half (51.4%) said they used a best in suite tool – in other words a single tool spanning on-premise and cloud. More than a third (36.7%) said they use a cloud access security broker (CASB) tool for their hybrid security management, while one in five are using a dedicated container security tool.

When looking at the overall state of health, only one respondent was brave enough to admit their cybersecurity posture needed ‘immediate help.’ More than half (53.4%) said their outlook was healthy, with 22% saying their posture was impenetrable.

According to separate research from ESG, more than four in five enterprises are adopting a hybrid cloud approach, yet only 30% were using unified security tools spanning both on-premise and cloud. “The fact that this will grow to 70% over the next two years speaks well of Cavirin’s hybrid cloud approach, helping address a key barrier to hybrid cloud adoption – security and visibility,” said Doug Cahill, ESG lead cybersecurity and cloud analyst.

Naturally, Cavirin has a solution to this problem. The newest product, CyperPosture Intelligence, aims to ‘deliver risk, cybersecurity and compliance management by providing visibility and actionable intelligence to the CISO and other stakeholders across hybrid environments’, in the company’s words.

Public cloud continues to go up and up: according to Gartner, the market will grow 21.4% in 2018 to total $186.4 billion (£131.4bn).

Almost 40% of this will come from software as a service (SaaS), with a quarter to come from what Gartner calls cloud business process services (BPaaS) – delivering business process outsourcing (BPO) – and 22% to come from infrastructure as a service (IaaS).

IaaS, however, will outstrip BPaaS by 2021 according to Gartner’s predictions. In three years total public cloud service revenues will surpass $300 billion ($302.5bn), with SaaS accounting for 38% of that total, IaaS 27% and BPaaS 19%. SaaS will also hit 45% of total application software spending by 2021.

When it came to analysing IaaS specifically, Gartner predicts the hyperscale players to increase their dominance. In 2016, the analyst firm said the top 10 players in the market – Amazon Web Services (AWS), Microsoft Azure, Google, IBM and the rest – accounted for half of the total IaaS market. By 2021, this figure will rise to 70%.

“The increasing dominance of the hyperscale IaaS providers creates both enormous opportunities and challenges for end users and other market participants,” said Sid Nag, Gartner research director. “While it enables efficiencies and cost benefits, organisations need to be cautious about IaaS providers potentially gaining unchecked influence over customers and the market.”

Nag noted the rise of multi-cloud as key to this. Organisations will want to move workloads from cloud to cloud without fear of reprisal. Could there be another wave of vendor lock-in? “In response to multi-cloud adoption trends, organisations will increasingly demand a simpler way to move workloads, applications and data across cloud providers’ IaaS offerings without penalties,” said Nag.

Platform as a service (PaaS) will comprise 8% of the total public cloud market this year at a relatively princely $15 billion, while cloud management and security services will total $10.5bn.

Hewlett Packard Enterprise (HPE) has announced the acquisition of London-based RedPixie to further bolster its cloud consulting expertise.

RedPixie’s vision, in the company’s own words, is ‘to go beyond technology, building and managing Azure hybrid solutions for clients in financial services.’ The company was founded in 2010 and comprises a team of business consultants, cloud architects and data scientists.

The acquisition will fall under the remit of HPE Pointnext, the company’s services business. “With this acquisition, we will continue to expand our comprehensive hybrid IT portfolio and will be even better positioned to help our customers build new digital experiences and drive better business outcomes now and into the future,” wrote Ana Pinczuk, SVP and GM of HPE Pointnext.

With the acquisition HPE now has both of the leading cloud infrastructure providers covered. In September the company bought Cloud Technology Partners (CTP), whose focus is more on the Amazon Web Services (AWS) side.

For HPE, the proposition is clear: hybrid IT and multi-cloud is increasingly the order of the day. According to figures last year from 451 Research, around half of AWS users were also using Azure and vice versa.

“The reality today is that enterprises face a hybrid IT world,” wrote Pinczuk. “Some workloads are best suited to the public cloud, some should live in a private cloud environment and others need to stay in traditional on-premises infrastructure. Finding the right mix will enable businesses to analyse data quickly, efficiently manage workloads and ultimately accelerate business outcomes by driving new business models, creating new customer and employee experiences, and improving operational performance.”

Financial terms of the acquisition were not disclosed.

Google has touted itself as the first public cloud provider to run all its clouds on renewable energy.

The company, which says it is the largest corporate purchaser of renewable energy in the world – almost three times as much as Amazon and Microsoft, its primary cloud rivals – has been working to attain this goal for the best part of a decade.

With the belief that 2017 would be the year the ‘road to 100%’ would be completed, the company ramped up its efforts. 2016 saw Google’s operational projects cover almost three fifths (57%) of the energy used from global utilities. With the addition of a record number of new contracts for wind and solar developments still under construction, it enabled the company to surpass the 100% total.

“Over the course of 2017, across the globe, for every kilowatt hour of electricity we consumed, we purchased a kilowatt hour of renewably energy from a wind or solar farm that was built specifically for Google,” wrote Urs Hölzle, Google technical infrastructure senior vice president in a blog post. “This makes us the first public cloud, and company of our size, to have achieved this feat.”

Hölzle added that plans will only escalate in future months and years with new data centre and office openings. In February, Google CEO Sundar Pichai outlined expansion plans for Google’s data centres in the US, having attended the groundbreaking for the outlet in Clarksville/Montgomery County in Tennessee. Pichai noted the importance of renewable energy generation in data centre building and maintenance.

“People often discuss ‘the cloud’ as if it’s built out of air – but it’s actually made up of buildings, machinery, and people who construct and manage it all,” Pichai wrote at the time. “Today we employ an estimated 1,900 people directly on our data centre campuses. We’ve created thousands of construction jobs – both for our data centres themselves, and for renewable energy generation.

“Our renewable energy purchasing commitments to date will result in energy infrastructure investments of more than $3.5 billion globally – about two thirds of that in the United States,” Pichai added.

Alibaba’s cloud expansion continues: the company has announced an expansion into Turkey alongside E-Glober.

E-Glober, the only authorised agent and business partner of Alibaba.com in Turkey, will provide their local connections and insights with Alibaba Cloud’s global infrastructure to ‘provide a compelling offering to meet the digitalisation and international expansion needs of local companies’, as the press materials put it.

Alibaba is pushing its Elastic Compute Service (ECS) with this, citing an IDC study which found the public cloud market was worth almost $97 million in 2017. The company also sees Turkey as a ‘gateway’ nation between the East and the West.

Last month, Alibaba Cloud opened data centre facilities in Indonesia, while in February the company chose Mobile World Congress – its stand proclaiming the company was the fastest growing cloud provider in the world – as the basis for several pieces of Europe-focused product news. These included announcements around infrastructure, big data and artificial intelligence (AI), and a hybrid cloud services platform.  

“Alibaba Cloud has always been dedicated to making our future-proof technology inclusive within the markets in which we operate,” said Yeming Wang, deputy general manager of Alibaba Cloud Global in a statement. “We aim to become the preferred cloud service provider for all sizes of business in Turkey by providing a full range of cloud solutions and combining this with E-Glober’s local expertise.

“Working with knowledgeable and well-connected local partners such as E-Glober will help mitigate language and cultural barriers, as well as reinforce Alibaba Cloud’s foothold within the market when it comes to helping Turkish companies internationalise and seize opportunities in this digital age,” he added.

Microsoft has admitted the speed in which the CLOUD Act was enacted was ‘a bit of a shock’ – but added there was more to do to protect users’ privacy rights across borders.

The act, which stands for ‘clarifying lawful overseas use of data’, was signed into law two weeks ago and ultimately represents the culmination of a case which began four years ago concerning an email in Dublin.

During a drug trafficking investigation in 2013, Microsoft refused to provide details of an email that a US citizen had stored on one of its servers in Ireland. Microsoft’s argument was: if the US government does not have the power to search a home in another country, it should not have the power to search the contents of emails stored overseas.

Back in 2014, this publication reported on a ruling from Judge James C. Francis, who ruled US-based providers must hand over customer emails even if they are in an overseas location. Following a further ruling in August by US District Judge Loretta Preska, ZDNet described it as ‘single-handedly kill[ing] trust in the US technology industry.’

The CLOUD Act “establishes a procedure for a provider of electronic communication service to seek protection from mandatory disclosure of non-US data to the [US government] where disclosure would violate the non-US law of the jurisdiction where the data is stored,” according to law firm Baker McKenzie. Yet while this procedure has been established, privacy concerns may also remain.

In a lengthy blog post earlier this week, Brad Smith, Microsoft president, said the act ‘both creates the foundation for a new generation of international agreements and preserves rights of cloud service providers to protect privacy rights until such agreements are in place.’

“Our goal has always been not to make repeated visits to court to litigate contentious propositions but to establish new international rules that will avoid legal conflicts and advance privacy rights and law enforcement needs together,” wrote Smith. “It is here that the CLOUD Act makes a vital contribution.”

Scott Bekker, editor in chief at Redmond Channel Partner, wrote in an editorial that the passage of the CLOUD Act “gives Microsoft and its channel partners a much stronger privacy story for international customers and an opportunity, along with other US-based cloud providers, to continue leading the global charge for cloud computing.”

Yet Smith added there was a ‘heavy responsibility’ on tech companies in what was already a turbulent period of time. “The cloud has made the role of tech companies on privacy issues a practical necessity,” Smith wrote. “The CLOUD Act preserves and expands this role with legal certainty. It creates a responsibility for tech companies both to help protect public safety and preserve personal privacy.

“At Microsoft, our answer is that we appreciate and accept the responsibility thrust upon us,” Smith added. “We acknowledge that no company will ever be perfect, and we recognise that constant learning will be essential to fulfilling this responsibility each day. But we also point to our track record.

“We did not sue our own government four times and devote energy to these issues over four sometimes long years to stop showing resolve now. This journey is not yet complete, and we look forward to continuing to work with so many others to see it to a successful conclusion.”

Oracle has announced the availability of enhanced UK cloud services promising customers ‘unprecedented levels of performance and availability’.

The company will expand its UK cloud region, which comprises three physically separate, high bandwidth and low latency sites, and will offer a range of Oracle PaaS and IaaS services, as well as the highly publicised autonomous database service.

To that end, the company rolled out a couple of satisfied customers; the National Grid, who said using Oracle’s IaaS would make sure they ‘deliver lower cost services going forward’, while cloud rendering firm YellowDog said it will appreciate the lower latency compared to using Oracle’s EU cloud region.

Oracle announced its first autonomous database service, the Oracle Autonomous Data Warehouse Cloud at an event last week, with attendees told it will be the first of several autonomous PaaS services being delivered this year. In recent earnings reports, Larry Ellison has spoken about little else; last month he told analysts “no other cloud provider has anything like it” and that autonomous mobility, analytics, and integration services were in the pipeline.

Yet of more interest – to this publication at least – is the fact Oracle now appears to be more confident in its global cloud footprint.

About a year ago this reporter contacted the company to ask for a map, or even a list, of its cloud data centre regions – only to be told there wasn’t one. Today, behold the map [below]. The earliest date CloudTech can find for the page’s appearance was November last year, which suggests this is a relatively recent initiative.

The map shows a total of 12 regions across five continents, with Europe represented by London, Slough, Amsterdam and Frankfurt. Oracle’s future plans however are far greater. At its CloudWorld event last month, Oracle promised a dozen new regions, including expansion to Canada, China, India and Japan among others.