IT professionals are gaining trust in public cloud services, according to the second annual cloud security report from Intel Security, which surveyed more than 2,000 participants. The finding validates an overall perception that confidence in public cloud services continues to improve year over year. Those who trust public clouds now outnumber those who distrust public clouds by more than 2-to-1.
“The ‘Cloud First’ strategy is now well and truly ensconced into the architecture of many organizations across the world,” said Raj Samani, EMEA chief technology officer, Intel Security. “The desire to move quickly toward cloud computing appears to be on the agenda for most organizations. This year, the average time before respondents thought their IT budgets would be 80 percent cloud-based was 15 months, indicating that Cloud First for many companies is progressing and remains the objective.”
Some key findings:
- Shadow IT - due to the ease of procurement, almost 40 percent of cloud services are now commissioned without the involvement of IT
- Visibility of these Shadow IT services has dropped from about 50 percent last year to just under 47 percent this year. As a result, 65 percent of IT professionals think this phenomenon is interfering with their ability to keep the cloud safe and secure.
- The number of organizations using private cloud only has dropped from 51 percent to 24 percent over the past year, while hybrid cloud use has increased from 19 percent to 57 percent.
- On average, 52 percent of an organization’s data center servers are virtualized, 80 percent are using containers and most expect to have the conversion to a fully software-defined data center completed within two years.
- User credentials, especially for administrators, will be the most likely form of attack. Organizations need to ensure they are using authentication best practices, such as distinct passwords, multi-factor authentication and even biometrics where available.
- Security technologies such as data loss prevention, encryption and cloud access security brokers (CASBs) remain underutilized. Integrating these tools with an existing security system increases visibility, enables discovery of shadow services, and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment.
- Organizations need to evolve toward a risk management and mitigation approach to information security. They should consider adopting a Cloud First strategy to encourage adoption of cloud services to reduce costs and increase flexibility, and put security operations in a proactive position instead of a reactive one.
http://www.mcafee.com/cloudsecurityreport
