Intelligent CIO Middle East Issue 32 | Page 34

EDITOR’S QUESTION WHAT STRATEGIES SHOULD ORGANISATIONS HAVE IN PLACE WHEN ADOPTING THE PUBLIC CLOUD? ////////////////////////////////////////////////////////////////////////////////////////////////////////// M cAfee, the device-to-cloud cybersecurity company, has announced its third annual cloud adoption and security report, Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security. The report outlines the current state of cloud adoption, the primary concerns with private and public cloud services, security implications and the evolving impact of Shadow IT for the more than 1,400 IT professionals surveyed. “Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, Senior Vice President of the Cloud Security Business Unit at McAfee. “By implementing security measures that allow organisations to regain visibility and the control of their data, businesses can take advantage of innovative services and accelerate their business with a more informed approach to security in the cloud.” Cloud services nearly ubiquitous Almost all organisations are well into cloud adoption. According to the survey, 97% of worldwide IT professionals are using some type of cloud service and are concurrently working through issues related to visibility and control. 34 INTELLIGENTCIO The combination of public and private cloud is also the most popular architecture, with 59% of respondents now reporting they are using a hybrid model. While private- only usage is relatively similar across all organisation sizes, hybrid usage grows steadily with organisation size, from 54% in organisations up to 1,000 employees, to 65% in larger enterprises with more than 5,000 employees. Cloud-first is the strategy of most organisations but is declining Cloud-first is an IT strategy that states new projects should consider using cloud technology first as opposed to on-premises servers or software. According to the report, cloud-first is the strategy for IT in many companies and remains a primary objective. Caution seems to have taken over for others, as the number of organisations with a cloud- first strategy dropped from 82% to 65% this year. Despite the reported security incidents, respondents with a cloud-first strategy still believe that public cloud is safer than private cloud. They understand the risks and yet the more they know, the more confident IT professionals are that cloud-first is the course they want to be on. Sensitive data stored in the cloud The majority of organisations store some or all of their sensitive data in the public cloud, with only 16% stating that they store no sensitive data in the cloud. The types of data stored run the full range of sensitive and confidential information. Personal customer information is the most common, reported by 61% of organisations. Around 40% of respondents also store one or more of internal documentation, payment card information, personal staff data or government identification data. And about 30% keep intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud. Security incidents still widespread Prominently, one-in-four organisations that uses Infrastructure-as-a-Service or Software-as-a-Service has had data stolen and one-in-five has experienced an advanced attack against its public cloud infrastructure. Malware continues to be a concern for all types of organisations and 56% of professionals surveyed said they had tracked a malware infection back to a cloud application, up from 52% in 2016. When asked how the malware was delivered to the organisation, just over 25% of the respondents said their cloud malware infections were caused by phishing, followed closely by emails from a known sender, drive-by downloads and downloads by existing malware.