Enterprises have quickly grown comfortable with both the concept of cloud, and their service providers' abilities to deliver secure and professional solutions with integrity, a new study by CloudPassage suggests.
As a result, organizations are adopting cloud, including 41 percent using public cloud servers for external applications -- a trend that will grow next year, the cloud server security provider found.
Andrew Hay, chief evangelist for CloudPassage, told me in an interview last week that within the past year, IT professionals have grown more comfortable with public cloud.
In 2011, the survey showed that 16.4 percent of respondents claimed that they had 'no security concerns' about utilizing public cloud architectures. That dropped to 5.5 percent in 2012, showing a healthy dose of skepticism and fear presented by cloud architectures.
The results of CloudPassage's report complement research firms' cloud spending projections: IDC, for example, predicts that $1 of every $5 will be spent on cloud-based software and infrastructure by 2016. Gartner expects software-as-a-service (SaaS) and cloud-based business applications will reach $32.2 billion that same year, compared with $13.4 billion in 2011.
For organizations to continue expanding their cloud investments, they must obviously be reaping their own returns on investment, and be satisfied with the partnerships they are forging -- especially in areas as sensitive as hosted data, applications, and datacenters.
CloudPassage's study supports this theory, in part because most of the 200-plus IT professionals who were polled have seen their cloud security fears assuaged over the past 12 months. That's not to say everyone is worry-free: 23 percent of those surveyed said they are concerned about the lack of perimeter defenses and network controls in the public cloud.
In last year's study, 44.7 percent of those queried voiced the same worries. Within a year, the percentage has dropped dramatically, to a point where today, more than three-fourths are comfortable that these security issues have been addressed.
The study found other ways enterprises are growing secure with cloud, including public cloud. Hay continued:
The biggest change from 2011's survey was the respondents' concerns about the provider having access to guest servers. 2012 showed that only 8.0 percent of respondents held this concern, compared to 24.3 percent in 2011.
The lack of perimeter defenses and/or network control responses slipped from 2011's 44.7 percent to 23.4 percent in 2012. This could be indicative of users growing comfortable with the lack of network-based security controls in cloud environments, or perhaps the responsibility for security was shifted to a third-party provider to manage.
IT departments may have increased their internal cloud education, perhaps retraining or adding new staff knowledgeable in cloud architectures, said Hay. Eighty percent of those surveyed were aware that security of their infrastructure-as-a-service (IaaS) cloud server is an internal responsibility, not their cloud service provider's, and that knowledge and preparation may generate a better sense of security.
According to Hay, organizations can take additional steps, especially surrounding compliance and regulatory concerns:
To better help their customers, auditors and assessors will need to ramp up their cloud knowledge ahead of official guidance from regulatory entities such as the PCI SSC. There are numerous training classes and free training resources available from well-respected organizations such as the SANS Institute, the Cloud Security Alliance, and other independent sources that can help expedite the knowledge transfer.
No matter what the deciding factor is -- trust in their cloud service providers, more internal cloud expertise, partnership with a security provider, or a combination of reasons -- it's apparent that members of the cloud community are stepping up to empower organizations to securely implement this compelling technology.
— Alison Diana , ThinkerNet Editor, Internet Evolution