INTELLIGENT BRANDS // Cloud
skills is continuing to affect cloud
deployments. Almost half of the
organisations surveyed report the
lack of cyber security skills has
slowed adoption or usage of cloud
services, possibly contributing to
the increase in Shadow IT activities.
Another 36 percent report they
are experiencing a scarcity but are
continuing with their cloud activities
regardless. Only 15% of those
surveyed state they do not have a
skills shortage.
Due to the ease of procurement,
almost 40% of cloud services
are now commissioned without
the involvement of IT, and
unfortunately, visibility of these
Shadow IT services has dropped
from about 50 percent last year
to just under 47% this year. As a
result, 65% of IT professionals think
this phenomenon is interfering with
their ability to keep the cloud safe
and secure. This is not surprising
given the amount of sensitive data
now being stored in the public
cloud and more than half (52%)
of respondents reporting they have
definitively tracked malware from a
cloud SaaS application.
than private clouds, and more likely
to deliver lower costs of ownership
and overall data visibility. Those who
trust public clouds now outnumber
those who distrust public clouds by
more than 2-to-1. Improved trust
and perception, as well as increased
understanding of the risks by senior
management, is encouraging more
organisations to store sensitive data
in the public cloud. Personal customer
information is the most likely type of
data to be stored in public clouds, kept
there by 62% of those surveyed.
Risks also rise: shadow IT
and the cyber security skill
shortage
The ongoing shortage of security
www.intelligentcio.com
Data centre progression
The number of organisations using
private cloud only has dropped from
51% to 24% over the past year,
while hybrid cloud use has increased
from 19 percent to 57% This move
to a hybrid private/public cloud
architecture requires the data centre
to evolve to a highly virtualised,
cloud-based infrastructure. On
average, 52% of an organisation’s
data centre servers are virtualised,
80% are using containers and most
expect to have the conversion to a
fully software-defined data centre
completed within two years.
Recommendations
• Attackers will look for the easiest
targets, regardless of whether
they are public, private or hybrid.
Integrated or unified security
solutions that provide visibility
across all of the organisation’s
services could be the best defence.
• User credentials, especially for
administrators, will be the most
likely form of attack. Organisations
need to ensure they are using
authentication best practices,
such as distinct passwords, multi-
factor authentication and even
biometrics where available.
•Security technologies such as
data loss prevention, encryption
and cloud access security brokers
(CASBs) remain under-utilised.
Integrating these tools with an
existing security system increases
visibility, enables discovery of
shadow services, and provides
options for automatic protection
of sensitive data at rest and in
motion throughout any type of
environment.
•Organisations need to evolve
toward a risk management
and mitigation approach to
information security. They should
consider adopting a Cloud First
strategy to encourage adoption of
cloud services to reduce costs and
increase flexibility, and put security
operations in a proactive position
instead of a reactive one.
To download the full report,
visit www.mcafee.com/
cloudsecurityreport
Survey Methodology
In fall 2016, Intel Security surveyed
over 2,000 IT professionals across
a broad set of industries, countries
and organisation sizes. Research
participants were senior technical
decision-makers from small, medium
and large organisations located in
Australia, Brazil, Canada, France,
Germany, Japan, Mexico, Saudi
Arabia, Singapore, the United Arab
Emirates, the United Kingdom and
the United States.
INTELLIGENTCIO
53