A survey from Intel has highlighted companies are now becoming more trusting of cloud propositions, though public cloud platforms are still not trusted to secure sensitive data.
The Blue Skies Ahead? The State of Cloud Adoption report stated 77% of the respondents believe their company trusts cloud platforms more than 12 months ago, though only 13% would utilize public offerings for sensitive data. 72% point to compliance as the biggest concern with cloud adoption.
“This is a new era for cloud providers,” said Raj Samani, CTO at Intel Security EMEA. “We are at the tipping point of investment and adoption, expanding rapidly as trust in cloud computing and cloud providers grows. As we enter a phase of wide-scale adoption of cloud computing to support critical applications and services, the question of trust within the cloud becomes imperative. This will become integral into realising the benefits cloud computing can truly offer.”
One area of the survey which could be perceived as a concern is only 35% of the respondents believe C-level executives and senior management understand security risks of the cloud. Industry insiders have told BCN that executives are almost using cloud security as a sound-bite to demonstrate to investors that the board prioritizes technology as a means of driving business innovation, though few could be considered technology orientated or competent.
“The key to secure cloud adoption is ensuring sufficient security controls are integrated from the start so the business can maintain their trust in the cloud,” said Samani. “There is a growing awareness amongst the C-suite of the potential consequences of a data breach. Yet IT must take steps to educate senior management further on the enabling capabilities of the cloud, underlining the importance of always keeping security considerations front of mind.”
“Securing the cloud is a top-down process but getting every employee to follow best practice and behave in a secure manner requires company-wide participation. For example, when faced with many of the cloud threats defined by the Cloud Security Alliance (CSA), IT will absolutely require employee support to ensure data remains secure.”
From an investment perspective, Infrastructure-as-a-Service (IaaS) continues to lead the way with 81% of respondents highlighting their organization is planning to invest in this area. Security-as-a-Service followed closely with 79%, whereas Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) accounted for 69% and 60% respectively. The survey also highlighted respondents expect 80% percent of their IT budgets to be dedicated to cloud computing services in the next 16 months.
While the increased trust in cloud platforms is a positive, it would appear in some circumstances it is a case of blind trust. More than a fifth of IT decision makers are not sure whether unauthorized cloud services are being used within the organization and 13% cannot account for what is currently being stored in the cloud. Shadow IT continues to distress IT departments throughout the industry and the most popular means of dealing with it would appear to be database activity monitoring according to 49% of the respondents.
Shadow IT maybe a concern for the vast majority of companies in the journey to cloud security, but it does lead to the question as to whether conquering shadow IT is possible, and whether 100% secure can ever be a realistic goal. “Faced with a rapidly expanding threat landscape, IT should never consider their infrastructure to be 100% secure,” said Samani. “Attack methods are constantly updated: there is no room for complacency. IT departments must ensure they regularly update and check their security measures, undertaking their due diligence to ensure corporate data remains secure.”
The concept of secure IT would appear to be a growing conversation throughout the ranks within enterprise, though the concrete understanding and commitment behind the sound-bites from executives remains unclear. 100% may well be an unattainable goal however until the concept of secure IT is appreciated completely throughout the organization, from top-to-bottom and bottom-to-top, it would appear companies will be unlikely to utilise cloud platforms for any sensitive data.