Cloud Stampede Is On, But Who's Watching Security? - InformationWeek
IoT
IoT
Cloud
News
4/18/2016
10:05 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cloud Stampede Is On, But Who's Watching Security?

A survey by Intel and the Cloud Security Alliance finds that the use of cloud services is increasing, but more in-depth security measures are needed.

10 Cloud Jobs In Highest Demand Now
10 Cloud Jobs In Highest Demand Now
(Click image for larger view and slideshow.)

France, Spain, and Canada are among the world's leaders in the average number of cloud services companies are using. That number is 48 in Spain and Germany, and 46 in Canada. But by far the world leader is Brazil, where the average number of cloud services adopted is 55.

The United States, where the cloud was invented, lags with an average of 44 services. The countries where companies had implemented the fewest cloud services were Germany, 38; Australia, 37; and Great Britain, 29.

This data is according to a worldwide survey sponsored by Intel Security and its subsidiary McAfee. The survey was conducted by Vanson Bourne, an independent technology market researcher, which conducted 1,200 interviews with IT leaders in June 2015 to compile the report, "Blue Skies Ahead? The State Of Cloud Adoption."

The Cloud Security Alliance was an adviser on the survey's formulation.

The cloud services allowed in the study include different forms of private cloud, hybrid cloud, and the various forms of public cloud: software-as-a-service (SaaS), such as Salesforce and Workday; infrastructure-as-a-service (IaaS), such as Microsoft Azure and Amazon Web Services; platform-as-a-service (PaaS), such as Google App Engine and IBM Bluemix; and security-as-a-service, such as HyTrust and Verizon.

[Want to see how the federal government is moving toward more cloud computing? Read 'Cloud-First' To Close 5,000 Federal Data Centers.]

The growing number of services used reflects another fundamental trend: Enterprise IT managers still don't fully trust the cloud, but they trust it more than they used to. Asked if their organization trusts the cloud more now than it did a year ago, 3% said no, 20% said they didn't know, and 77% said yes.

(Image: chairboy/iStockphoto)

(Image: chairboy/iStockphoto)

And there's still plenty of skepticism: 37% said they trust their own private cloud, while just 13% trust the public cloud. "The public cloud is the least trusted model," the report noted.

A Matter Of Trust

The shortage of trust in the cloud appears to be on a collision course with adoption of cloud use. The survey revealed a high expectation for cloud adoption by companies all over the world over the 12 to 18 months.

Asked how soon they'll hit a level of 80% reliance on cloud operations, companies in the US, Canada, and Spain said within 14 months. In France, the average expectation was 16 months; in Germany, 18 months. Again, the country to show up on the slow adoption end of the scale was Great Britain, at 28 months. The shortest time period expected was Brazil's 12 months, followed by Australia's 11 months.

All of the time periods were so short that two contributors to the report, Intel's EMEA CTO for Intel Security, Raj Samani, and Jim Reavis, CEO of the Cloud Security Alliance, said of the 12-to-18-month time period "some people refer to this as a tipping point in IT."

In fact, many of the respondents meant "private" cloud when answering the time period question, and that sometimes covers everything from having a section of virtualized servers to using a Microsoft, Google, or IBM development platform. Fifty-one percent said their cloud deployment would consist of private cloud; 30% said public cloud; and 19% said hybrid cloud operations.

Focus On Security

The survey suggests it's time "for a re-evaluation of what the real cloud threats are," the report said. Twenty-three percent said they had experienced a data loss or breach; 23% also said they had difficulty getting visibility into security incidents; 20% claimed an unauthorized access to their data or services; 19% cited difficulty in obtaining security event log files; and 18% reported difficulty in a coordinated incident response.

Among the most serious incidents were account takeovers and an intruder's traversal from cloud to internal systems, both reported by 13%.

At the same time, the survey indicated that organizations were using three types of security to protect their SaaS, including file encryption and email security.

Learn to integrate the cloud into legacy systems and new initiatives. Attend the Cloud Connect Track at Interop Las Vegas, May 2-6. Register now!

Organizations surveyed are using an average of four security measures to protect their IaaS, whether public cloud or private cloud, including firewalls and encryption.

Security-as-a-service can be used for some of the same purposes as the measures enterprises already have in place to protect infrastructure and private clouds: email protection, Web server protection, anti-malware, and application firewall.

The report cited a second SANS Institute survey, "Orchestrating Security in the Cloud," as a source for additional information. The SANS Institute provides training for cybersecurity professionals.

Over the next 18 months, organizations should consider boosting their security features, according to the SANS Institute report. Recommended additions include vulnerability scanning, multifactor authentication, data loss prevention, log management, intrusion detection and intrusion prevention systems, and security information and event management systems.

The Intel/Cloud Security Alliance report also cited a Gartner report as predicting that cloud access security brokers, a service now in use by five percent of large enterprises, will be in use at 85% of them by 2020. Such systems can ensure only authorized users are tapping into SaaS applications and track "shadow IT" users as they create new external user accounts and start unauthorized cloud activity.

Even with rapid movement into cloud services, responsibility for protection of corporate data will largely remain on premises, even if the data moves off. Keeping control of the data and regaining visibility into activities using it will go a long way toward enabling a further transition to cloud computing, the report concluded.

But responsibility for getting there still rests on CIOs and CISOs, sometimes with help from top management and sometimes despite a gap in understanding within the C-suite that puts the burden on IT pros to educate them.

</a

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Author
4/20/2016 | 12:19:59 PM
Re: Can the cloud provide better security?
Charlie, 

Rather than better security we could say the cloud provides a different kind of security. Some enterprises have miscalculated risk assessment for being convinced their data would be better protected using in-house data storage.

The resistence of moving to the cloud has led some companies to pay a high price. Since networks are constantly empowered with more and improved security you only need to evaluate how often your in-house storage is being updated or upgraded. Then you easily can have your answer. 

-Susan
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
4/18/2016 | 5:11:48 PM
Can the cloud provide better security?
'IT managers don't fully trust the cloud, but they trust it more than they used to.' That may be because they don't fully trust their own defenses either. When it comes to cloud operations, the customer retains some responsibility for security. As uncomfortable as that may be, it is likely to continue for the foreseeable future. At some point, customers may go all-in on the cloud in order to get it to take on more of the security responsibility.           
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll