Recently I was reviewing the results of Informationweek’s annual State of Cloud Computing survey that comes out each February. The results mirror other cloud surveys that I’ve read so it’s worth a look. Although the bulk of the survey is about bandwidth and performance concerns, there are some security related results as well.
It was interesting to read that the survey finds that one third of the respondents are already consuming cloud services, and two thirds of those organizations are using between 2 to 5 different cloud hosted services. Of the total cloud hosted services that these respondents are consuming:
- 57% are SaaS based; up 1% from 2011
- 42% are Platform as a Service (PaaS); up 7% from 2011
- 27% are Infrastructure as a Service (IaaS); up 6% from 2011
As far as associated risks with using these solutions, security dominated the list of concerns. This survey result is similar to what I’ve read in other surveys as well. In fact the top three concerns are:
- Security defect in the cloud solution itself (51%)
- Unauthorized access to our customer’s information (48%)
- Unauthorized access to our proprietary information (48%)
So not only does IT need to be constantly vigilant in keeping the bad guys outside their firewalls, they now have to worry about their corporate data that may sit beyond their full control. Independent of the security practices that each of their cloud hosted solution vendor may or may not implement, IT faces that added exposure of an employee or teams of employees moving corporate information to the cloud without following any of the policies or guidelines that are typically enforced internally. To quote this report “Organizations need to be able to expand their security frameworks to incorporate the different risks and benefits that come with all the variants of cloud computing….they just can’t say no.”
There really is no doubt that as security breaches continues to occur, IT will have to firm up their cloud security practices, policies, and infrastructure. A notable challenge considering that much of the environment extends beyond their full control. This will be an interesting dynamic to watch. IT continues to lose clout with the business managers, but their mandates force them into accountability. Most likely they will have to find ways to implement levels of control without being a pain in the business lead’s sides.
Posted
Feb 16 2012, 08:55 AM
by
KentPurdy
Filed under: Security, Cloud Computing, Cloud, SaaS, PaaS, IaaS, unauthorized access, hosted service, Platform as a Service, State of Cloud Computing, Informationweek, Infrastructure as a Service