This blog was written by Wayne Anderson, previous Enterprise Security Architect at McAfee.
At the end of 2017, McAfee surveyed 1,400 IT professionals for our annual Cloud Adoption and Security research study. As we release the resulting research and report at the 2018 RSA Conference, the message we learned this year was clear: there is no longer a need to ask whether companies are in the cloud, it’s an established fact with near ubiquitous (97%) acknowledgement. And yet, as we dug into the comments and information that industry professionals and executives shared about their use and protection of the cloud, another intriguing theme became clear: companies are investing in cloud well ahead of their trust in it!
For this year’s report, Navigating a Cloudy Sky, we sought respondents from a market panel of IT and Technical Operations decision makers. These were selected to represent a diverse set of geography, verticals, and organization sizes. Fieldwork was conducted from October to December 2017, and the results offered a detailed understanding of the current state and future for cloud adoption and security.
More than any prior year – the survey indicated that 97% of organizations worldwide are currently using cloud services, up from 93% just one year ago. In the past year, a majority of organizations in nearly every major geography have even gone so far as to assert a “cloud first” strategy for new initiatives using infrastructure or technology assets.
Indeed, this cloud-first strategy has driven organizations to take on many different providers in their cloud ecosystem. As organizations tackle new data use initiatives, intelligence building, new capabilities to store and execute on applications – the growth in cloud is exploding the number of sanctioned cloud providers that businesses are reporting.
In the survey, enterprises are recognizing and reporting at a statistically significant level the explosion in provider count – each a source of potential risk and management need for the organization. The provider count requires readiness in governance strategy that joins security capabilities and procurement together to protect the data entrusted to each new cloud deployment. Security operations teams will need enhanced visibility that is unified to compose a picture across so many different environments containing enterprise data.
Data and Trust
This year’s report highlights an intriguing trend – companies are investing their data in cloud providers well in advance of their trust in those providers. An incredible 83% of respondents reported storing sensitive data in the public cloud – with many reporting nearly every major data sensitive data type stored in at least one provider.
Despite such a high level of data storage in cloud applications, software, and infrastructure, the same business executives are clearly concerned about the continuing ability to trust the cloud provider to protect the data. While cloud trust continues to gain, and cloud respondents indicated continuing buy-in to using providers and trusting them with critical data and workloads, only 23% of those surveyed said they “completely trust” their data will be secured in the public cloud.
Part of that trust stems from a perception that using public cloud providers is likely to drive use of more proven technologies, and that the risk is not perceived as being any less than in the private cloud.
As cloud deployment trends continue, IT decision makers have strong opinions on key security capabilities that would increase and speed cloud adoption.
- 33% would increase cloud adoption with visibility across all cloud services in use
- 32% would increase cloud adoption with strict access control and identity management
- 28% would increase cloud adoption with control over cloud application functionality