Security Concerns Muddy Cloud Progress
Cloud computing might be the future of information technology but there are still major concerns when it comes to security, as well as finding the right people with the right skills to secure data across public and private cloud infrastructures.
Those are some of the conclusions of a new report -- "Building Trust in a Cloudy Sky" -- released by Intel on Feb. 13 as the 2017 RSA Conference starts in San Francisco. The results are based on interviews with 2,000 IT professionals conducted in September. Those interviewed for the report work in a variety of businesses in a dozen countries.
For proponents of the cloud, the Intel report provides some promising signs that the technology is really taking hold in the enterprise. For example, about 93% of all companies are using some type of cloud services, whether that's Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) or Software-as-a-Service (SaaS).
At the same time, many companies are moving away from private cloud deployments toward public cloud offering, which is creating a hybrid model at many businesses. This means that trust in public cloud is increasing, and those who trust the public cloud outnumber those who distrust the cloud by a ratio of two-to-one, according to the report.
This also means that information once considered sensitive is moving to the public cloud, with 62% of respondents reporting that their companies have moved customer data to these infrastructures.
With this data moving from on-premises data centers to private and then public cloud, the risk is also increasing. About 50% of those interviewed told researchers that they have tracked a malware attack to a SaaS application.
A lack of cybersecurity skills has slowed cloud adoption, with 49% of respondents reporting that this has slowed down cloud deployments over the last year. The need to deploy different cloud services has also led to a spread of shadow IT -- cloud services used by employees but not sanctioned by the IT department -- and about 40% of all cloud services fall into this category.
Shadow IT has caused problems within the enterprise, and even outside it. A recent audit of NASA's technology infrastructure found shadow IT of particular concern, with government data being uploaded to services such as Box and Dropbox. (See NASA Cloud Computing: Security Concerns Hover.)
"The movement of sensitive data to the public cloud may attract cybercriminals. Attackers will look for the easiest targets, regardless of where they are located," according to the report's executive summary. "Integrated or unified security solutions are a strong defense against these threats, giving security operations visibility across all of the services the organization is using and what data sets are permitted to traverse them."
Intel is vested in the cloud computing, shifting its focus away from chips for PCs to processors designed for data centers, as well as other technologies related to the cloud, such as the Internet of Things (IoT). The report was prepared by Intel Security, which includes the company's McAfee acquisition. (See 'Troubled' Intel Rakes in the Dough.)
In conclusion, the Intel report finds that while there is risk to cloud computing, companies can mitigate some of those concerns by getting more involved with security.
"While it is possible to outsource work to various third-parties, it is not possible to outsource risk. Organizations need to evolve towards a risk management and mitigation approach to information security," according to the report.
CALLING ALL CLOUD, NFV AND SDN COMPANIES: Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.