Cloud computing is everywhere, and so are frayed nerves about security

Fear of the unknown: Intel's latest survey of 1,200 IT decision makers finds most don't know what vulnerabilities exist with their cloud providers and services.

A recent global survey of 1,200 IT decision makers which suggests that when it comes to cloud computing, we're way beyond the tipping point -- cloud is the only way to go. The report, released by Intel Security, finds that in the next 16 months, 80 percent of respondent IT budgets will be dedicated to cloud computing.

building-metropolitan-museum-of-art-2-ny-photo-by-joe-mckendrick.jpg
Photo: Joe McKendrick

However, while cloud is apparently everywhere, so is a great deal of nervousness around security. A majority of enterprise IT leaders (77 percent) note that their organizations trust cloud computing more than a year ago, but only 13 percent completely trust public cloud providers to secure sensitive data.

Add to that a lack of awareness of what vulnerabilities may still exist. A majority of respondents, however (72 percent), list compliance as the primary concern across all types of cloud deployments, and only 13 percent of respondents actually know whether or not their organizations stored sensitive data in the cloud. In addition, fewer than one-quarter (23 percent) of enterprises are aware of data breaches with their cloud service providers.

Many respondents feel there is still a need for more education and increased awareness and understanding of risks associated with storing sensitive data in the cloud. Only one-third (34 percent) of respondents feel senior management in their organization fully understands the security implications of the cloud.A majority of organizations are planning on investing in infrastructure-as-a-service (IaaS) (81 percent), closely followed by security-as-a-service (79 percent), platform-as-a-service (PaaS) (69 percent), and lastly software-as-a-service (SaaS) (60 percent).

Shadow IT -- the under-the-radar adoption of cloud services - is another area of concern. End users adopt all kinds of services and bring them into the enterprise, without IT's knowledge. But guess who comes running to IT when things go wrong? In fact, 52 percent of the lines of business still expect IT to secure their unauthorized department-sourced cloud services. In addition, 58 percent of IT leaders say that shadow IT has a negative impact on their ability to keep cloud services secure.

In a CSO blog post related to the survey, Rolf Haas, enterprise technology specialist at Intel Security, calls for more cohesive enterprise aprpoaches to the challenge. There is a "need for a new model of security that enables the centralized control or orchestration of the myriad cloud services and apps employees use across the enterprise."

There is "clearly a need for better cloud-control tools across the stack," Haas continues. "Large organizations may have hundreds or even thousands of cloud services being used by employees - some of which they probably don't even know about. It is impossible to implement separate controls and polices for each of them."

Haas urges greater adoption of technologies and tools such as two-factor authentication, data leakage prevention, and encryption on top of cloud services and applications. An emerging area, online broker security services seen as "security-as-a-service (SECaaS)," also offers promise, as it helps "orchestrate security across multiple providers and environments. These help tackle the visibility issue and ensure compliance needs are met."

The Intel survey finds cloud security investment varies in priorities across the different types of cloud deployment, with the top security technologies leveraged by respondents being email protection (43 percent), Web protection (41 percent), anti-malware (38 percent), firewall (37 percent), encryption and key management (34 percent), and data loss prevention (31 percent).

An area of investment that isn't measured is training, education and awareness of executives and employees about safe security practices. This is probably more critical than any technology that can be thrown at the problem. Get to know your cloud service providers intimately, and understand how they're treating your accounts and data.