rvlsoft - Fotolia
Trust in the ability of public cloud providers to keep enterprise data safe and secure may be on the rise, but security skills shortages continue to hinder the adoption of off-premise services.
That is according to Intel’s second annual cloud security report, Building Trust in a Cloudy Sky, which features responses from 2,000 IT professionals.
About half (45.6%) of respondents said the scarcity of infosec professionals has contributed to a slowdown in the adoption of cloud services in their organisation and, potentially, fuelled a rise in shadow IT deployments.
Just 15% said security skills shortages presented no such problems to their cloud progress, with organisations employing more than 5,000 people least likely to run into this issue.
“An IT organisation that is slow to deploy solutions can inadvertently encourage other departments to commission their own services,” the report says. “It can also lead to a disjointed security environment, creating more work for the security team.”
Around 40% of the cloud services used by enterprises are deployed without the IT department’s knowledge, the report says.
“This is not necessarily a bad thing if IT and security operations have sufficient visibility to keep the applications, data and the organisation safe and secure,” it adds.
“Unfortunately, visibility of these shadow IT services has dropped from about 50% last year to just under 47% this year. This is not a very large fall, but it does affect the security posture of the organisation.”
When the visibility of shadow IT services is impaired, 65% of respondents said this makes the act of keeping their data safe and secure that much harder.
Enterprise cloud evolution
The report also highlights a softening in attitude by enterprise IT professionals towards using public cloud to run mission-critical workloads and store sensitive data.
Indeed, the number of respondents who said they distrust public cloud services has dropped from 50% to 29% since the first Intel cloud security report was published in 2016.
Also, 85% of survey participants said they store “some or all” of their sensitive data in the public cloud, while almost a quarter (23%) rely on it to take care of all their sensitive data.
In the survey, respondents were quizzed on their use of infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS) offerings, as well as their private and public cloud adoption habits.
The results suggest the hybrid cloud approach is increasingly favoured by enterprises, with 57% of organisations confirming deployments – up from 19% in last year’s report.
Read more about cloud security
- Misinterpretation of the Government Security Classifications could result in the overprovisioning of public sector IT systems.
- Government Digital Service moves to allay public sector concerns about using off-premise services in a bid to speed up cloud adoption beyond Whitehall.
In line with this, the number of organisations using private cloud has fallen from 51% to 25% over the same period, and there remains a degree of trepidation from enterprises about going all-in on public cloud.
Raj Samani, CTO for Europe, Middle East and Africa (EMEA) at Intel Security, said IT departments can ill afford to hold back on embracing cloud, particularly as it may encourage shadow IT deployments to thrive.
“Shadow IT is a significant issue in the UK especially and enterprises are leaving themselves more vulnerable than if they adopted a proactive cloud strategy,” he said.
“Attackers will look for the easiest targets, regardless of whether they are public, private or hybrid. Integrated or unified security solutions that provide visibility across all of the organisation’s services could be the best defence.
“Rather than having to react to security threats brought about by unregulated cloud adoption from other departments, IT departments should consider working with the wider enterprise to adopt a cloud first strategy that proactively builds security into its core.”