March 7, 2017

The State of Cloud Security and Trust in 2016

Written by

Last month, Intel released a new report called “Building Trust in a Cloudy Sky” that made some startling discoveries about enterprise cloud use and public confidence in cloud security. While trust in cloud services continues to rise, so do concerns over the cloud’s biggest risks: shadow IT and skill shortages.  

ALSO READ: A Beginner’s Guide to IT Service Companies

The study provides insight into the current climate of cloud usage among larger businesses. While the study illuminates the state of the cloud in 2016, it also highlights some of the trends that dominate cloud technology and adoption in recent years. It’s particularly helpful to compare the trends of adoption, trust, and security between Intel’s 2015 and 2016 data.

This comparison shows:

  • increased movement to the cloud
  • increased trust in cloud-based products
  • increased concern about the security of tools and data stored in the cloud

The survey also revealed an increasing need for employees with DevSecOps skills. The scarcity of trained DevSecOps employees causes slow-downs in movement to the cloud, while opening companies to security threats through Shadow IT. Roughly 49 percent of IT pros surveyed said they slowed cloud adoption due to a “lack of cybersecurity skills.” 

Movement to the Cloud

An overwhelming majority (93 percent) of the companies surveyed use cloud services in some form, and 57 percent of these companies were using a hybrid of public and private cloud services in 2016. 80 percent of respondents claim their teams employ “cloud-first” strategies that seek to cut expenses and speed adoption of new services by preferring cloud options over on-premise.

80 percent of respondents employ cloud-first” strategies.

A cloud-first strategy seeks to operate with at least 80 percent of services running in the cloud. Those who adopt these policies have a higher confidence in the speed of their company to adopt cloud solutions. They estimate a conversion rate of fewer than 12 months, while those without the policy believe their company could take as long as 20 months to convert to cloud solutions.

When compared with last year’s data, the cloud-first movement may be somewhat optimistic with their conversion rates, as the average time to switch only dropped from 16 months in 2015 to 15 months in 2016. However, the companies who gave a vote of no-confidence in a cloud-first strategy was reduced by half. 

Increased Trust

In addition to the reduction in votes of no-confidence for cloud-first budgets, the study also showed significant positive trends in trust of cloud environments, both public and private. 59 percent of those surveyed believe that a public cloud can provide a lower cost of ownership, and 54 percent believe that public clouds can increase visibility of the organization’s data.

59 percent believe that a public cloud can provide lower cost of ownership.

Trust for the public cloud remains high across almost all metrics, and trust for the private cloud only matches that of the public cloud in one option: security from hackers. This growth in confidence in the public cloud comes from several factors, but low cost, increased visibility, and increased sense of security all rank high here.

The recent growth in security measures that provide visibility between tools across multiple vendors has helped increase the trust of many companies. These tools let security and IT teams monitor usage, check for outages, and audit for security. One side-effect of this is the increased use of public cloud storage for private and personal data, as companies can detect and react to security threats faster.

While almost all sectors report an increased movement to public clouds, these cannot provide the sorts of security and regulatory compliance measures that come with the implementation of a private cloud. Those industries with strict security regarding personal data will likely continue to use private clouds to remain compliant.

More Concern Over Safety and Security

While movement to the cloud is growing across nearly all sectors, a lack of IT resources devoted to security has raised some potential issues with the safety of data. Almost half of the companies have slowed their adoption and usage of cloud technologies due to concerns about security.

Over 50 percent of respondents claimed they have tracked a malware incident from a SaaS provider. These threats are a growing concern for companies who have lowered resources. When companies cannot afford the proper security measures and staff, they open themselves up to rising Shadow IT services that increase the threat of malware or breaches.

50 percent of respondents have tracked a malware incident from a SaaS provider.

For those companies using SaaS providers, the main concern centered around the security of data in transit to and from those cloud platforms. We also see a reduction in the technical concerns that slowed adoption in the past, with cost rising to the number-two issue and integration or access concerns dropping down the list. These changes suggest that the platforms are becoming more user-friendly, with more visible security controls, and more companies are adopting these solutions in response.

Despite all of these security concerns, almost 85 percent of the respondents said that they store some or all sensitive data in the public cloud. The industries most likely to use public storage are those where online transactions are common including utility and retail sectors. This shows that while we may have concerns about the ability of public clouds to protect our data, the ease of use and cost outweigh those fears.

Shadow IT

Perhaps the most surprising issue facing the adoption of cloud technologies is not one of ease of use or security, but that employees adopt these tools without involving IT departments. This rise in “shadow IT” increases security risks across companies and across the cloud. Intel’s study estimated that 40 percent of the cloud services currently in use were implemented without IT involvement. Only one percent of companies are not monitoring shadow IT usage, which is down from five percent last year.

IT professionals are increasingly aware of the need for visibility across their cloud environments. They also implement more active methods for reducing shadow IT, from next-generation firewalls and database activity monitoring to spreading knowledge via word of mouth. Only 27 percent of users claim to block all unauthorized cloud usage. Afraid this sends a combative message to employees, more companies look for creative and communicative ways to improve visibility.

Looking Forward

This report provides some insight into our current state of cloud adoption and management, but the real test comes with how we use this knowledge to improve the landscape. Shadow IT poses a real threat to the security of sensitive data in any cloud, and it is only through improved communication across teams that we can reduce this threat. Cloud solutions that currently live in the shadows should move under the IT team’s security umbrella, or a more workable solution should take their place.

The movement of data out of the shadows and increased communication amongst teams can couple nicely with a renewed focus on visibility. When IT managers can see the their data across clouds and within the organization, they are better equipped to react to threats, or even employ preventative security measures.  

Another interesting conclusion the study presented was that DevSecOps positions are in high demand. Roughly 44 percent of companies employ these professionals, but the lack of DevSecOps knowledge is a major factor in slowing down the adoption of cloud-first strategy. The bottom line: hire someone in the DevSecOps field, or get certified yourself.

* * *

Intel’s “Building Trust in a Cloudy Sky” report surveyed over 2,000 technology professionals from 11 countries with diverse skill sets and various industry backgrounds. Respondents ranged from C-level decision makers to analysts and architects. Most of the respondents worked for large companies with 1,000-5,000 employees.


Image credit: Intel Newsroom