Cloud Stampede Is On, But Who's Watching Security? - InformationWeek


A survey by Intel and the Cloud Security Alliance finds that the use of cloud services is increasing, but more in-depth security measures are needed.

France, Spain, and Canada are among the world's leaders in the average number of cloud services companies are using. That number is 48 in Spain and Germany, and 46 in Canada. But by far the world leader is Brazil, where the average number of cloud services adopted is 55.

The United States, where the cloud was invented, lags with an average of 44 services. The countries where companies had implemented the fewest cloud services were Germany, 38; Australia, 37; and Great Britain, 29.

These figures come from a worldwide survey sponsored by Intel Security and its subsidiary McAfee. The survey was carried out by Vanson Bourne, an independent technology market researcher, which conducted 1,200 interviews with IT leaders in June 2015 to compile the report, "Blue Skies Ahead? The State Of Cloud Adoption."

The Cloud Security Alliance was an adviser on the survey's formulation.

The cloud services allowed in the study include different forms of private cloud, hybrid cloud, and the various forms of public cloud: software-as-a-service (SaaS), such as Salesforce and Workday; infrastructure-as-a-service (IaaS), such as Microsoft Azure and Amazon Web Services; platform-as-a-service (PaaS), such as Google App Engine and IBM Bluemix; and security-as-a-service, such as HyTrust and Verizon.

The growing number of services used reflects another fundamental trend: Enterprise IT managers still don't fully trust the cloud, but they trust it more than they used to. Asked if their organization trusts the cloud more now than it did a year ago, 3% said no, 20% said they didn't know, and 77% said yes.

And there's still plenty of skepticism: 37% said they trust their own private cloud, while just 13% trust the public cloud. "The public cloud is the least trusted model," the report noted.

A Matter Of Trust

The shortage of trust in the cloud appears to be on a collision course with the adoption of cloud services. The survey revealed a high expectation for cloud adoption by companies all over the world over the next 12 to 18 months.

Asked how soon they'll hit a level of 80% reliance on cloud operations, companies in the US, Canada, and Spain said within 14 months. In France, the average expectation was 16 months; in Germany, 18 months. Again, the country to show up on the slow adoption end of the scale was Great Britain, at 28 months. The shortest time period expected was Brazil's 12 months, followed by Australia's 11 months.

All of the time periods were so short that two contributors to the report, Raj Samani, EMEA CTO for Intel Security, and Jim Reavis, CEO of the Cloud Security Alliance, said of the 12-to-18-month time period, "some people refer to this as a tipping point in IT."

In fact, many of the respondents meant "private" cloud when answering the time period question, and that sometimes covers everything from having a section of virtualized servers to using a Microsoft, Google, or IBM development platform. Fifty-one percent said their cloud deployment would consist of private cloud; 30% said public cloud; and 19% said hybrid cloud operations.

Focus On Security

The survey suggests it's time "for a re-evaluation of what the real cloud threats are," the report said. Twenty-three percent said they had experienced a data loss or breach; 23% also said they had difficulty getting visibility into security incidents; 20% claimed unauthorized access to their data or services; 19% cited difficulty in obtaining security event log files; and 18% reported difficulty in coordinating incident response.

Among the most serious incidents were account takeovers and an intruder's traversal from cloud to internal systems, both reported by 13%.

At the same time, the survey indicated that organizations were using three types of security to protect their SaaS, including file encryption and email security.

Organizations surveyed are using an average of four security measures to protect their IaaS, whether public cloud or private cloud, including firewalls and encryption.

Security-as-a-service can be used for some of the same purposes as the measures enterprises already have in place to protect infrastructure and private clouds: email protection, Web server protection, anti-malware, and application firewall.

The report cited a second SANS Institute survey, "Orchestrating Security in the Cloud," as a source for additional information. The SANS Institute provides training for cybersecurity professionals.

Over the next 18 months, organizations should consider boosting their security features, according to the SANS Institute report. Recommended additions include vulnerability scanning, multifactor authentication, data loss prevention, log management, intrusion detection and intrusion prevention systems, and security information and event management systems.

The Intel/Cloud Security Alliance report also cited a Gartner report as predicting that cloud access security brokers, a service now in use by 5% of large enterprises, will be in use at 85% of them by 2020. Such systems can ensure only authorized users are tapping into SaaS applications and track "shadow IT" users as they create new external user accounts and start unauthorized cloud activity.

Even with rapid movement into cloud services, responsibility for protection of corporate data will largely remain on premises, even if the data moves off. Keeping control of the data and regaining visibility into activities using it will go a long way toward enabling a further transition to cloud computing, the report concluded.

But responsibility for getting there still rests on CIOs and CISOs, sometimes with help from top management and sometimes despite a gap in understanding within the C-suite that puts the burden on IT pros to educate them.


Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...

Susan Fourtané,
User Rank: Author
4/20/2016 | 12:19:59 PM
Re: Can the cloud provide better security?

Rather than better security we could say the cloud provides a different kind of security. Some enterprises have miscalculated risk assessment for being convinced their data would be better protected using in-house data storage.

The resistance to moving to the cloud has led some companies to pay a high price. Since networks are constantly empowered with more and improved security you only need to evaluate how often your in-house storage is being updated or upgraded. Then you easily can have your answer.

Charlie Babcock,
User Rank: Author
4/18/2016 | 5:11:48 PM
Can the cloud provide better security?
'IT managers don't fully trust the cloud, but they trust it more than they used to.' That may be because they don't fully trust their own defenses either. When it comes to cloud operations, the customer retains some responsibility for security. As uncomfortable as that may be, it is likely to continue for the foreseeable future. At some point, customers may go all-in on the cloud in order to get it to take on more of the security responsibility.           