Cloud computing: still a question of trust
Intel Security survey shows that although trust concerns remain, especially around public cloud, in 16 months' time, 80% of respondents' IT budgets will be dedicated to cloud computing
An Intel Security report into the state of cloud adoption has highlighted ongoing concerns over the level of trust that organisations have in cloud computing, and in particular in public cloud.
Although the bigger picture from the report shows an overall growing level of trust in cloud over the past year - 77% of enterprises say their organisation trusts cloud computing more now than they did a year ago - cloud computing still suffers in comparison to on-premise or internally hosted IT.
Public cloud is the least trusted, with just 13% of respondents saying they completely trust it, compared with 37% for private cloud and 47% for on-premise or internally hosted systems.
The "Blue Skies Ahead? The State of Cloud Adoption" report did find, however, that in the next 16 months, 80% of survey respondents' IT budgets will be dedicated to cloud computing.
There will be differences in the rate of adoption of different types of cloud platforms - public, private, and hybrid or managed, as well as SaaS, IaaS, and PaaS. Anecdotally, the report says, there is evidence that adoption varies from sector to sector. In highly regulated sectors, such as financial services, there is still some caution about moving to the cloud, while government and the
public sector also lag behind.
The survey results also highlighted cloud investment trends. A majority of organisations are planning on investing in infrastructure-as-a-service (IaaS) (81%), followed by security-as-a-service (79%), platform-as-a-service (PaaS) (69%), and lastly software-as-a-service (SaaS) (60%).
On security and compliance, a majority of respondents (72%) list compliance as the primary concern across all types of cloud deployments, with only 13% of respondent organisations knowing whether or not they stored sensitive data in the cloud.
In terms of security risks, more than one in five respondents said their main concern around using SaaS is having a data security incident, and correspondingly, data breaches were the top concern for IaaS and private clouds. However, the survey said, less than a quarter (23%) of enterprises are aware of data breaches with their cloud service providers.
Knowledge and understanding of senior management of cloud computing is also a problem. Only one-third (34%) of survey respondents feel senior management in their organisation fully understand the security implications of the cloud. High-profile data breaches with major financial and reputational consequences have made data security a top-of-mind concern for C-level executives. But many respondents also feel there is a need for more education and increased awareness and understanding of the risks associated with storing sensitive data in the cloud.
Shadow IT also remains a concern. Despite IT departments' efforts to cull shadow IT activity, 52% of lines of business still expect IT to secure their unauthorised department-sourced cloud services. This lack of visibility into cloud usage due to shadow IT appears to be causing concern in IT departments, with a majority (58%) of respondents surveyed on orchestrating security in the cloud noting that shadow IT has a negative impact on their ability to keep cloud services secure.
Security investment priorities vary across the different types of cloud deployments. Enterprises are using an average of three security solutions to protect their SaaS applications. The most common is file encryption (60%), followed by email security (55%).
For IaaS, organisations are using an average of four security solutions. Most common are firewalls (70%) and encryption (62%). Private cloud also has an average of four security solutions, with firewalls being the most common (67%).
"This is a new era for cloud providers," said Raj Samani, chief technology officer, Intel Security EMEA. "We are at the tipping point of investment and adoption, expanding rapidly as trust in cloud computing and cloud providers grows. As we enter a phase of wide-scale adoption of cloud computing to support critical applications and services, the question of trust within the cloud becomes imperative. This will become integral into realising the benefits that cloud computing can truly offer."
The survey interviewed 1,200 IT decision makers with influence over their organisation's cloud security in Australia, Brazil, Canada, France, Germany, Spain, the UK and the US.