May 24, 2017
Building Trust in a Cloudy Sky: The State of Cloud Adoption and Security (25 pp., PDF, opt-in). Late last year Intel Security surveyed over 2,000 professionals for its annual cloud security research study. The 2,009 respondents were drawn from a third-party database of IT and technical decision makers to represent a diverse set of countries, industries, and organization sizes, with a specific focus on the financial services and healthcare industries. After screening out those not involved cloud adoption and deployment decisions, 1,400 senior technical professionals were included. Please see pages 6 and 7 for the study for additional details on the methodology.
Key insights from the study include the following:
· In 15 months, 80% of all IT budgets will be committed to cloud apps and solutions. Cloud First is now a global priority for organizations that prefer deploying applications that can be purchased as a service or deployed in the cloud. Many organizations are moving quickly to Cloud First to keep pace with their partner and supplier networks. Being able to deliver an excellent customer experience regardless of where and how a customer chooses to buy is a strong catalyst moving organizations to adopt Cloud First strategies as well. The study found that the percentage of IT professionals who stated they don’t think their IT budget will ever be 80% cloud dropped by 50% from 12% in 2015 to 6% in 2016.
- Hybrid cloud adoption grew 3X in the last year, increasing from 19% to 57% of organizations surveyed. The study also found that the number of cloud services that organizations are using dropped from 43 in 2015 to 29 in 2016. The consolidation of cloud services combined with the rapid growth of hybrid cloud is a leading indicator of greater cloud platform maturity in enterprises. Many are setting aggressive goals to create Cloud First apps internally that can replace legacy on-premise apps that no longer scale to their current and future business model needs.
- Public cloud platform adoption is highest in services companies (28%), with engineering (30%) and government (29%) having the highest adoption of private clouds. Private cloud-only adoption is lowest in services companies (16%) due to concerns over IT security skills. Media organizations (17%) also have low private cloud adoption due to the insufficient visibility of vulnerability Insurance companies prioritize compliance and the location of cloud service providers’ data centers and data storage outside of the country of operations.
· Just 23% of organizations today completely trust public clouds to keep their data secure. A year ago, only 13% trusted public clouds. This 76% jump in trust for one year is attributable to public cloud platforms investing more development effort and resources in security features and support. From authentication to more complex secured APIs, public cloud platform providers are hardening every aspect of their systems to ensure greater security and scalability. This strategy is paying off with the total number of organizations who distrust clouds dropping from 50% to 29%.
· Fully integrated (50%) and unified security solutions (47%) are enabling organizations to increase their trust in the security of public clouds. The greater the integration of an organization’s security solutions across multiple cloud environments, the more likely they are to store some or all of their sensitive data in a public cloud service. The following graphic compares an organizations’ use of public clouds by the level of integration with security solutions.
- 83% of organizations are actively using containers today. 36% are using them inside IT, 18% outside IT, and 29% both inside and outside of IT. Containers tend to be used in higher quantities per host than virtual machines but last for a small fraction of the time, making them more challenging to protect. There is an opportunity for cloud security vendors to further differentiate themselves by adding much-needed advanced security solutions for containers into their cloud service strategies.
- 60% of engineering firms say that a lack of security skills is slowing down their cloud adoption plans. Across all respondents, 36% report they are experiencing a scarcity of skills yet they are continuing with their plans anyway. The countries most in need of cloud security specialists include Japan, Mexico, and the Gulf Coast Council (GCC) (Saudi Arabia and the United Arab Emirates). The following is an analysis of how a shortage of security skills is affecting cloud adoption in organizations.
· Australia (33%) and Canada (32%) are global leaders in public cloud adoption, with Gulf Coast Council (GCC) (Saudi Arabia and the United Arab Emirates) (30%) leading in private cloud The study found that Australians are most focused on the challenges of having consistent security controls across legacy and virtualized infrastructures.. Canadians are most concerned about maintaining compliance across hybrid service. GCCs are concerned about public cloud costs and how reliable cloud providers can meet their SLAs. Japan has the lowest adoption rate of private clouds (7%) driven by concerns regarding staff security skills.