Bright future for security in the cloud

As reverberations from last week's ransomware attack continue to be felt throughout the world and the security industry, the answer to how we can minimize the impact that these types of attacks can have on a company may be found in the cloud. For example, WannaCry ransomware, as it is called, preyed on Microsoft computers that failed to update the latest security patch that was issued in March, an oversight that an IT savvy company operating in the cloud would not fall victim to.

The good news continues to pour in on increased adoption of cloud-based services, including a new report from Intel Security, titled Building Trust in a Cloudy Sky: The State of Cloud Adoption and Security, which finds that cloud services are now a regular component of IT operations, and are utilized by more than 90 percent of organizations around the world.

Many are working under a “cloud first” philosophy, only choosing to deploy an internal service if there is no suitable cloud variant available, and as a result, IT architectures are rapidly shifting to a hybrid private/public cloud model, with those surveyed expecting 80 percent of their IT budget to be cloud-based within an average of 15 months, according to the report.

For the report, Intel Security surveyed more than 2,000 IT professionals in September 2016 to produce this annual review of the state of cloud adoption, representing a broad set of industries, countries, and organization sizes. In the face of a continuing shortage of skilled security personnel, the impact of this scarcity on cloud adoption was a priority for this year's report.

“Cloud first. Two simple words, but the approach is now well and truly ensconced into the architecture of many organizations across the world,” Raj Samani, chief technology officer, EMEA, Intel Security, said in the report. “Our initial assumption when designing the survey, that there was a gap between intent and implementation and that the transformation to cloud would take several years, was proven inaccurate. The desire to migrate quickly towards cloud computing appears to be on the agenda for most organizations.”

In the forward to the report, Jim Reavis, CEO, Cloud Security Alliance, said, “This report clearly resonates with the anecdotal information I have received in my travels representing the Cloud Security Alliance this past year. Cloud computing is maturing and broad-based adoption is occurring.”

Overall, the study found that cloud services are widely used in some form, with 93 percent of organizations utilizing software-, infrastructure-, or platform-as-a-service offerings. Cloud architectures also changed significantly, from predominantly private-only in 2015 to increased adoption of public cloud resulting in a predominantly hybrid private/public infrastructure in 2016. Also, the average number of cloud services in use in an organization dropped from 43 in 2015 to 29 in 2016, indicating potential consolidation of cloud providers or solutions.

Interestingly, almost half (49 percent) of the professionals surveyed stated that they had slowed their cloud adoption due to a lack of cybersecurity skills.

The trust and perception of public cloud services continues to improve year-over-year, the report said, and most organizations view cloud services as or more secure than private clouds, and much more likely to deliver lower costs of ownership and overall data visibility. Those who trust public clouds now outnumber those who distrust public clouds by more than 2:1. Overall, 62 percent of organizations reported storing personal customer information in public clouds.

“Improved trust and perception, as well as increased understanding of the risks by senior management, is encouraging more organizations to store sensitive data in the public cloud,” the report found.

Virtualization of private data center architectures is progressing, and on average, 52 percent of an organization's data center servers are virtualized, and most expect to have the conversion to a fully software-defined data center completed within 2 years, according to the findings.

Because businesses are trusting cloud services with a wide range of applications and data, much of it sensitive or business critical, the report stated that this movement of sensitive data to the public cloud may attract cybercriminals.

“Security vendors are delivering tools to address fundamental security concerns, such as protecting data in transit, managing user access, and setting consistent policies across multiple services,” the report concluded. “Attackers will look for the easiest targets, regardless of where they are located. Integrated or unified security solutions are a strong defense against these threats, giving security operations visibility across all of the services the organization is using and what data sets are permitted to traverse them."

The report noted that organizations should ensure that they are using authentication best practices, such as distinct passwords, multi-factor authentication, and even biometrics where available.

“Despite the majority belief that Shadow IT is putting the organization at risk, security technologies such as data loss prevention (DLP), encryption, and cloud access security brokers (CASBs) remain underutilized,” according to the findings. “Integrating these tools with an existing security system increases visibility, enables discovery of shadow services, and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment. Consider adopting a Cloud First strategy to encourage adoption of cloud services to reduce costs and increase flexibility, and put security operations in a proactive position instead of a reactive one.”

The bottom line: The cost and resource savings of cloud services are real, and the wide variety of offerings makes it possible to choose the best fit for the organization, according to the report.

Click here for the full report.