Report
Foreword
I am pleased to provide a foreword to Intel Security’s survey and research paper, “Building Trust in
a Cloudy Sky”. This report contains a rich set of findings of the progress towards cloud adoption
by a diverse global audience and the key security considerations in play. Reading this document
will greatly aid practitioners in taking a data-driven approach towards securely migrating to cloud
computing and I encourage security professionals to carefully review these findings and share
broadly with management and other key stakeholders outside of the security organization.
This report clearly resonates with the anecdotal information I have received in my travels
representing the Cloud Security Alliance this past year. Cloud computing is maturing and broadbased adoption is occurring. This maturity is not manifesting itself by a period of stasis, but is
instead highly dynamic. New technologies and market entrants abound, and just as importantly, key
players are exiting the cloud markets. The one constant in all of this is the clear responsibility of
cloud users to understand their role in assuring that cloud computing is as secure as it can be and
needs to be. Proper cloud security education and tools are every organization’s bulwark against the
evolving threat vectors in cloud.
I expect that we will see several important milestones in cloud computing in 2017. Microservices
such as containers and APIs will gain significant traction as important means to enhance the value
of virtual machines. DevSecOps will become a mainstream information security topic. Several
strategic regulatory bodies will announce new guidelines that will in effect ease the path to adoption
of cloud computing for providers and customers. Information security professionals should
prepare themselves for this next wave of cloud adoption. Understanding the current cloud security
benchmarks articulated in this survey provides a fantastic way to continue your journey.
Jim Reavis
[email protected]
CEO, Cloud Security Alliance
Building Trust in a Cloudy Sky
3
Report
Preface
Cloud First. Two simple words, but the approach is now well and truly ensconced into the
architecture of many organizations across the world. In our survey from 2015 there were some
remarkable findings, none more so than the average of 16 months the surveyed IT organizations
believed it would take before 80% of their IT budget was devoted to cloud solutions. Our initial
assumption when designing the survey, that there was a gap between intent and implementation
and that the transformation to cloud would take several years, was proven inaccurate. The desire to
migrate quickly towards cloud computing appears to be on the agenda for most organizations. This
year the average time before respondents thought their IT budgets would be 80% cloud-based
was 15 months, indicating that Cloud First for many companies is progressing and remains the
objective.
We can still see some dark clouds on the horizon. It is evident from our survey that the lack of
cybersecurity skills is having an impact on cloud adoption for organizations of all sizes. Previous
concerns about the lack of trust in public clouds seem to be dissipating compared to the responses
in 2015, with more practical considerations becoming the biggest concerns today. Senior
management also appear to be more understanding of the risks involved in storing sensitive data
with third-party providers.
Perhaps one of the reasons that a Cloud First approach is moving ahead is that incidents are
decreasing. Yet again more practical issues dominate the landscape, such as interoperability,
the lack of transparency of data movement, and public cloud operations. In one year, the IT
professionals surveyed have moved away from the feeling the cloud is untrustworthy, to a better
understanding of the benefits that it can bring. What is equally encouraging is IT departments have
made progress, not only in terms of articulating the risk up the management chain, but also across
the company. Public cloud benefits are being realized, with the cost of outsourcing compared to
hosting internally acting as the key motivator.
As we move forward into a world where cloud computing is almost ubiquitous, we are faced with
practical issues that could slow adoption. These issues need to be addressed, and research efforts
such as those conducted by the Cloud Security Alliance can aid organizations looking for best
practices. Remarkable progress has been made within the past 12 months, and the cloud and
security industries are now moving into a new phase of work to be done.
Raj Samani
@Raj_Samani
Chief Technology Officer, EMEA, Intel Security
Building Trust in a Cloudy Sky
4
Please complete the form to gain access to this content
