As the 2017 RSA Security Conference kicks off in San Francisco, Intel Security released the results of its second annual survey on cloud security practices. The report outlines the current state of cloud adoption, the primary concerns with private and public cloud services, security implications, and the evolving impact of shadow IT of the more than 2,000 IT professionals surveyed.
The full report titled Building Trust in a Cloudy Sky, is available for download here. Here are some of the highlights:
To discuss the report and the importance of current cloud computing trends, I spoke with Eric Trexler, who is the National Security and Civilian Programs director at Intel Security. Eric leads all non-DoD security program activities at Intel Security, and I found his passionate comments about the survey results to be both helpful and insightful about federal government.
Here are a few of the top quotes from Eric during our 30-minute phone discussion:
“Cloud-first is catching on! Cloud adoption is accelerating rapidly! We are seeing both business areas and IT shops putting more and more data in the cloud.”
“Boundaries are blurring between private, public and hybrid clouds. This means the same tools sets are being used to access data, encrypt data and manage data across diverse platforms and cloud infrastructures.”
“Shadow IT is growing, and business professionals are not as aware as IT professionals of the risks that they are introducing into the enterprise by moving their data into the cloud.”
“Ninety-three percent of organizations use cloud services in some form.”
“I think security technologies such as data loss prevention, encryption and cloud access security brokers (CASBs) remain underutilized. Integrating these tools with an existing security system increases visibility, enables discovery of shadow services, and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment.”
“The shortage is security staff is driving more cloud adoption. More and more gaps is cybersecurity disciplines means that the cloud will be a helpful solution in the long run. However, in the short term, this rapid move to the cloud is causing a greater need for security staff and security architectures as infrastructure usage evolves. This is making the immediate staffing shortage an even larger issue.”
“It is significant that over 2,000 global IT professionals participated in these survey results. Research participants were senior technical decision-makers from small, medium and large organizations located all over the world.”
“FedRAMP is helpful, but not enough. The rigor involved is helping improve the security capabilities of many government cloud offerings, but public and private sector teams still need to ensure that the right level of security is applied to different data sets after FedRAMP certification. The work does not end there. Security processes must be integrated in persistent ways. IT shops understand this, but many government business areas do not. We need to mandate the path to the cloud through the IT shops.”
Other Cloud Security Report Recommendations
Beyond Eric Trexler’s comments, some other Intel Security report recommendations include:
In 2010, when I was the Michigan chief technology officer (CTO), I asked the question: Cloud First Policy — What Does It Really Mean?” Here were three points for state and local government to consider at the time:
We’ve come a long way in almost seven years, and yet many cloud security challenges remain. I found this new Intel Security report to offer a very good status on the global state of cloud security in 2017.
We reached a tipping point long ago on data moving to the cloud, with 93 percent of organizations using some type of cloud services.
But now we are reaching new milestones with more sensitive data being moved into the cloud in the public and private sectors. Use this report to help build your cloud strategy for 2017-2020. The report data and recommendations will certainly help.