Virtually every business uses at least one cloud service today and there’s no doubt the percentage will increase over time. However, if a new survey of IT prof is accurate, corporate enthusiasm for cloud has slowed a bit.
Sixty-five per cent of 1,400 information technology workers in 11 countries done for McAfee and released this morning said their organization has a “cloud first” strategy, down from 82 per cent who were asked the same question in 2016.
There may be a link between this and a shortage of staff with cybersecurity skills. Just over one-third who suffered a data theft said they have a cybersecurity skill shortage and have slowed cloud adoption.
However, in an interview, a McAfee official denied the fall in those with a cloud-first strategy suggested a lack of confidence in cloud security. Just under 70 per cent of respondents said they trust the public cloud for storing sensitive data, Vittorio Viarengo, vice-president of marking for McAfee’s cloud business unit, pointed out.
He cited two reasons why the number of organizations with a cloud-first strategy may have dropped: ”As people move to the cloud they are realizing there are new security challenges,” including not having as much control over the network, applications and devices as they do with an on-premise environment.
“As customers realize the new security challenges they’re slowing down a little bit, and they are deploying new tools to make sure they’re data is protected in the cloud,” he said.
Another reason is they are “coming to realization – especially among enterprises – you’re going to have on-prem private cloud for a long, long tine.”
“These things swing,” he added. Initially IT leaders resisted the cloud. Then they realized cloud services could make delivering IT more cost-effective. “Now it [support] is coming back to the middle – I’ve got to make sure I know what data I have in the cloud, who accesses it and the policies that I’m going to enforce to make sure I’m compliant and my data is secure”
The survey, done in Q4 2017, included IT and technical operations managers from Canada, Australia, Brazil, France, Germany, India, Japan, Mexico, Singapore, The United Kingdom and the United States.
Thirty-five per cent held the title of CISO/CSO, 11 per cent were IT security managers or directors and 22 per cent were IT managers.
Among other noteworthy numbers, one in four said their organization had experienced data theft from the public cloud, while one in five had suffered an advanced attack against their public cloud infrastructure.
“It should be alarming,” Viarengo admitted, “but if I put my McAfee hat on, that’s why we have a job.” He pointed out McAfee recently bought SkyHigh Networks a cloud access security broker ( CASB), which controls user access to cloud applications.
He is also surprised that only two per cent of respondents say their organization uses 80 or more cloud services. A survey done for a McAfee subsidiary suggests many have upwards of 1,000, he said, suggesting some respondents in the recent survey are in “denial” over how many cloud services there are.
Other questions in the survey dealt with concerns over issues with Infrastructure as a service (IaaS), Software as a Service (Saas) and private cloud, shadow IT, and the use of a DevSecOps strategy for more secure software development.
The report concludes with three best practices for organizations:
·DevOps and DevSecOps have been demonstrated to improve code quality and reduce exploits and vulnerabilities. Integrating development, quality assurance and security processes within the business unit or application team is crucial to operating at the speed today’s business environment demands;
·The use of deployment automation tools, such as Chef, Puppet, or Ansible. Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own. Automation that augments human advantages with machine advantages is a fundamental component of modern IT operations;
·Unifying security with centralized management across all cloud services and providers. Multiple management tools make it too easy to for something to slip through. A unified management system across multiple clouds with an open integration fabric reduces complexity.
The report, entitled “Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security”, is available here. Registration is required.
