EDITOR’S QUESTION
WHAT STRATEGIES
SHOULD
ORGANISATIONS
HAVE IN PLACE WHEN
ADOPTING THE
PUBLIC CLOUD?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
M
cAfee, the device-to-cloud
cybersecurity company, has
announced its third annual cloud
adoption and security report, Navigating a
Cloudy Sky: Practical Guidance and the State
of Cloud Security.
The report outlines the current state of
cloud adoption, the primary concerns with
private and public cloud services, security
implications and the evolving impact of
Shadow IT for the more than 1,400 IT
professionals surveyed.
“Despite the clear prevalence of security
incidents occurring in the cloud, enterprise
cloud adoption is pressing on,” said Rajiv
Gupta, Senior Vice President of the Cloud
Security Business Unit at McAfee.
“By implementing security measures that
allow organisations to regain visibility
and the control of their data, businesses
can take advantage of innovative services
and accelerate their business with a more
informed approach to security in the cloud.”
Cloud services nearly ubiquitous
Almost all organisations are well into cloud
adoption. According to the survey, 97% of
worldwide IT professionals are using some
type of cloud service and are concurrently
working through issues related to visibility
and control.
34
INTELLIGENTCIO
The combination of public and private cloud
is also the most popular architecture, with
59% of respondents now reporting they
are using a hybrid model. While private-
only usage is relatively similar across all
organisation sizes, hybrid usage grows
steadily with organisation size, from 54%
in organisations up to 1,000 employees, to
65% in larger enterprises with more than
5,000 employees.
Cloud-first is the strategy of most
organisations but is declining
Cloud-first is an IT strategy that states
new projects should consider using cloud
technology first as opposed to on-premises
servers or software. According to the report,
cloud-first is the strategy for IT in many
companies and remains a primary objective.
Caution seems to have taken over for others,
as the number of organisations with a cloud-
first strategy dropped from 82% to 65% this
year. Despite the reported security incidents,
respondents with a cloud-first strategy still
believe that public cloud is safer than private
cloud. They understand the risks and yet
the more they know, the more confident IT
professionals are that cloud-first is the course
they want to be on.
Sensitive data stored in the cloud
The majority of organisations store some or
all of their sensitive data in the public cloud,
with only 16% stating that they store no
sensitive data in the cloud. The types of data
stored run the full range of sensitive and
confidential information. Personal customer
information is the most common, reported
by 61% of organisations.
Around 40% of respondents also store one
or more of internal documentation, payment
card information, personal staff data or
government identification data. And about
30% keep intellectual property, healthcare
records, competitive intelligence and
network pass cards in the cloud.
Security incidents still widespread
Prominently, one-in-four organisations
that uses Infrastructure-as-a-Service
or Software-as-a-Service has had data
stolen and one-in-five has experienced an
advanced attack against its public cloud
infrastructure. Malware continues to be a
concern for all types of organisations and
56% of professionals surveyed said they had
tracked a malware infection back to a cloud
application, up from 52% in 2016.
When asked how the malware was
delivered to the organisation, just over 25%
of the respondents said their cloud malware
infections were caused by phishing,
followed closely by emails from a known
sender, drive-by downloads and downloads
by existing malware.
www.intelligentcio.com