Security and the Cloud: Are Organisations Still Sceptical?

8 Nov

As paulh91 has expanded on, cloud computing is still a trend today even if it is not the ‘buzz’ word of this 2012. Previous blogs by davidoppermann, ronanisbp and corcoranchris have also brought to light the issues that security poses with constantly evolving technologies being adopted by companies. Certainly in terms of cloud computing, security has been the biggest barrier to adopting cloud computing as a service. Are companies still reluctant to adopt the cloud today? Is security still the major issue? Or have the companies’ stance on the cloud and security softened? I hope to shed some light on these questions.

Companies are attracted to the cloud primarily because of its scalability and flexibility. Cloud service providers with custom-built facilities and set procedures in place mean that data centres can execute upgrades extremely rapidly, minimising downtime for enterprises. Flexibility is also key for businesses which incur sporadic peaks in traffic. For example, this factor was pivotal in Oxfam changing from in-house IT capabilities to a cloud service provider as, shortly after the Haiti disaster Oxfam’s system went down after there was a surge in people wishing to make online donations. This resulted in lost opportunity and lost income according to the CIO of Oxfam, and thus they turned to the cloud.

According to a Cloud Computing Adoption Survey 2011 by Tech Target Inc., cloud computing remains a cautious experiment among respondents. As seen from the diagram below, data security is a major issue with information leakage and compliance and audit trails of primary concern.

Image

(Source: http://www.computerweekly.com/news/2240036468/Cloud-computing-adoption-remains-tepid)

As illustrated above, data being more prone to attacks from hackers as several companies’ information is hosted in one place is also a major concern for those surveyed. Service providers assure they can treat security as a resource using virtualisation technologies and channel security resources where they’re needed on demand. This allows for varied levels of security. However, if you’re a small organisation using only an insignificant amount of cloud storage space, are you going to be confident that your data will be equally prioritised in terms of security as larger organisations who use a substantial amount of the service providers’ storage facilities? The same can be said of cloud outages. For example, will Netflix (a major client of Amazon Web Services and also owed by Amazon) be prioritised over smaller organisations after a cloud outage? This must certainly be a thought which crosses the minds of IT decision-makers in smaller organisations.

Despite these concerns over data security, the upwards trend in cloud adoption has continued in Ireland with 54% of respondents in the Deloitte CIO Survey 2012 now stating that they use cloud computing in their organisation, an increase from 38% in 2011. This figure is on par with the cloud adoption rate in the UK. As illustrated in the graph below, there is a steady acceptance of cloud computing over the past few years despite worries over data security. The 16% rise from 2011 could be contributed to SME’s seeing cloud as a more cost-effective option in terms of in-house security measures.

Image

(Source: http://www.deloitte.com/view/en_IE/ie/services/consulting/cio-survey-2012/cloud/index.htm)

In terms of who is continuing the trend of adopting cloud computing, the private sector is still leading the way with 61% using some form of cloud computing in comparison to 25% by the public sector. This should change over the next 5 years however, given the recent launch of the Government Cloud Computing Strategy which aims to place cloud computing at the heart of future government ICT strategy.

Of the respondents who are not currently using cloud computing within their organisations, almost half have plans to research cloud services while a third plan on trialling cloud over the next 18 months. Therefore despite issues over data security, it looks like organisations have decided that the benefits of the cloud outweigh their worries over this problem and have, albeit still sceptically, allowed them to view the cloud as a potential part of their organisation in the near future.

Image

(Source: http://www.deloitte.com/view/en_IE/ie/services/consulting/cio-survey-2012/cloud/index.htm)

Advertisements

8 Responses to “Security and the Cloud: Are Organisations Still Sceptical?”

  1. davidoppermann November 8, 2012 at 9:21 pm #

    Moving ever closer to 2013, I don’t think the question will be ‘Are organisations still skeptical in moving into the cloud due simply to security reasons or information leakage as deloitte’s survey depicted to us, but it will be the question of “when” are companies going to make the switch to the cloud? I think evidence of this is illustrated with over 50% of CIO currently using cloud in their organisations (a 20% jump from 2010) and future plans in implementing cloud services is at 47% for does not using cloud. With rise of cloud service providers offering IaaS, Saas, & Paas services, the issue of security will eventually be resolved when using the cloud.

  2. ronnoc90 November 10, 2012 at 8:06 pm #

    I agree with Dave. The transfer of data to the cloud is eminent. However I don’t know if the issue will just resolve itself -each model has risks.

    McKendrick, 2012 highlights the security issues associated with each model effectively. http://www.zdnet.com/blog/service-oriented/saas-paas-and-iaas-three-cloud-models-three-very-different-risks/8815 I believe that cloud security solutions will become more pertinent in the near future. “Cloud security is still in its infancy, the industry still has a ways to go before organizations understand and adopt methodologies and technology to secure data in the cloud.”- Torsten George, VP of Agiliance a firm that provides integrated Governance Risk and Compliance management platform solutions. Link to article: http://www.technewsworld.com/story/76019.html?wlc=1352575712

  3. steepletoes November 11, 2012 at 4:50 pm #

    Thanks for your comments @davidoppermann and @ronnoc90. I also agree that companies’ moving to the cloud is a matter of when, rather than if. I’ve highlighted this myself in the latter half of my post suggesting that companies are seemingly deciding that the benefits of the cloud outweigh the risks associated with it. As I mentioned, half of those currently not using the cloud are researching the area while a third of this group are trialling the service over the next 18 months. Also the Government strategy will also drive up the percentage of adopters from the public sector over the next 5 years.

    Eugene Kaspersky, Founder and CEO of Kaspersky Lab, sees virtualization as an obvious choice as well, especially for companies with huge amounts of data, but accepts that there are also security issues to address that lie with the service provider. He also states that there is a demand on security solutions not to use too many resources as it could affect the optimization of the service, which is why firms are attracted to the cloud in the first place.
    (http://www.youtube.com/watch?v=kCkafeDSafc)

    He also states that cyber criminals are getting more and more active with the emergence of the smartphone. 8 years since the first smartphone virus in 2004 there was about 1000 malicious threats found, in December of 2011 there was 1200 malicious threats found alone. If anything security is more of a risk now then it was ever before. And it is something, which @ronnoc90 states, is not just going to resolve itself. Hence, some companies will remain sceptical, whether it is with the cloud itself or the mobile devices used to access it. It was this point I was higlighting.

  4. thestrategicblogger November 14, 2012 at 3:30 pm #

    An interesting take on cloud computing steepletoes. I think your question regarding cloud computing are especially relevant given firms often myopic approach to out-sourcing in the past. Whereby key competencies were often shipped out in a cost saving exercise only to have the price increase incrementally further down the tracks.

    One must bear in mind that cloud computing is still in it s infancy and we are right to be sceptical of it s (malevolent) potential. When dealing with such sensitive company information it s not good enough that security solutions will become available “in the near future” when they are needed now, if they are to be considered a legitimate tool for firms.

    • steepletoes November 16, 2012 at 6:30 pm #

      Couldn’t agree more ‘thestrategicblogger’. Thanks for your comment.

  5. Alex June 11, 2013 at 9:19 am #

    You made some decent points there. I checked on the web for
    additional information about the issue and found most individuals
    will go along with your views on this website.

  6. Air Zone Cooling & Heating July 28, 2013 at 5:38 pm #

    I have a refridgerator that is not cooling.
    The motor is running but not blowin out any cool air.

    Freezer work?

  7. Read More Here July 31, 2013 at 6:37 pm #

    Very good content you’ve gotten right here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: