Brace yourself, adoption of cloud computing is on its way with 93% of organizations using cloud services today. Just don’t ask when ubiquity will occur! One year later, and the question about the number of months until IT budgets are 80% in the cloud is down from 16 months to ‘only’ 15. Technically speaking, ubiquity should happen somewhere around April 2018. However, migrating to the cloud is not as simple as it seems.
The intention to move to the cloud is definitely there-trust in the cloud has risen, with those trusting public cloud outweighing those who distrust 2:1. However, a number of obstacles are impacting the full migration toward cloud computing. One of these obstacles is something that has been discussed for some time now, and confirmed by our recent survey, the talent shortage. The majority of enterprises have slowed their cloud adoption due to the lack of cybersecurity skills on their staff.
The above statistic is a little surprising at first glance. A well-documented advantage of cloud computing has been to allow organizations to focus on their core business, leaving the technical challenges of managing server infrastructure and security to specialist providers. However, the above clearly demonstrates that the old adage “that you can outsource the work but not the risk” rings true with many organizations. This begs the question whether the above skills are the same as those sought for internally provisioned services. I remember participating in a panel with Jim Reavis from the Cloud Security Alliance and the consensus was that technical skills will be less in demand for enterprises, as demands shift to skills to monitor the security posture of controls deployed by third parties (e.g. more management).
Our survey indicated 74% of organizations are storing sensitive data in the public cloud and personal customer information is the most popular form of this sensitive data. This leads us to believe that the demand for data visibility and protection skills will be on the rise. Data protection requirements demand that the data controller (enterprise) must ensure that the data processor (service provider) still has the appropriate controls in place.
Unfortunately, when IT says “no” to the lines of business, perhaps due to the skills shortage, the lines of business are adopting cloud on their own. In fact, 40% of cloud services are being procured outside the visibility and control of the IT department. This is even more worrisome for your data protection security posture and begs the consideration of automated tools for cloud data protection.