Intel Security released its second annual cloud security report recently, which surveyed over 2,000 IT professionals around the world, revealing a mix of good and bad news about global enterprise cloud adoption.
First, the good news. The popularity of cloud services is growing with the number of IT professionals that trust public clouds outnumbering those who distrust them by more than two to one. Over 90 percent of organizations are now using cloud services and IT architectures are moving to a hybrid private cloud/ public cloud model.
Survey participants expected 80 percent of their IT budgets to be dedicated to the cloud within an average of 15 months. And thanks to improved trust in the cloud, organizations are storing more sensitive data in public clouds – 62 percent of those surveyed said they stored personal customer information in public clouds.
But not everything in the report was positive. Cloud applications are a popular target for hackers with more than half of the survey participants saying they had definitely traced at least one malware infection back to a software-as-a-service application.
Another issue is a shortage of cybersecurity skills. Nearly half of the survey respondents said they’d had to slow down their adoption of cloud services because they couldn’t find people with the right security skills.
A final problem is Shadow IT – technology solutions provisioned by departments without the involvement or knowledge of the IT team. The survey revealed nearly 40 percent of cloud services were commissioned without involvement from the IT department. And 65 percent of IT professionals believe the commissioning of Shadow IT cloud services is making it harder for them to keep the cloud secure for their organizations.
As cloud solutions grow in popularity, they are going to attract more attention from cybercriminals. To help protect their organizations, IT departments can take a few simple steps.
Educate and Communicate: IT departments need to ensure they have a security plan in place, laying out policies and procedures that should be followed in procurement, implementation and in the event of a security incident. IT mangers also need to make other departments aware of the security plan and the importance of adhering to the plan.
Backup: Backup plans aren’t particularly new or exciting, but they’re still a key part of an effective IT security strategy. Organizations need to make sure all their key information is backed up securely – whether it’s on-premise or in the cloud. Faulty backup plans can lead to the loss of critical data, no matter what technology the IT team has in place.
Visibility: The key to good security is making attacks less profitable for cyberattackers. Many attacks today leverage legitimate credentials, so network visibility is necessary to ensure data is being used for legitimate purposes.
Organizations are going to continue growing their cloud services because of the cost advantages and the ability to ramp up, or take down, capacity quickly. While there are risks in moving to the cloud, they can be minimized with a comprehensive security strategy and technology that not only protects valuable data but makes sure it’s being used properly.