CIO & LEADER-Issue-01-April 2018 (1)
Security
related to visibility and control. The combination of public and private cloud is also the most popular architecture, with 59% of respondents now reporting they are using a hybrid model. While private-only usage is relatively similar across all organization sizes, hybrid usage grows steadily with organization size, from 54% in organizations up to 1,000 employees, to 65% in larger enterprises with more than 5,000 employees.
Cloud-First is the Strategy of Most Organizations, but in Cautious Decline
Cloud-First is an information technology strategy that states new projects should consider using cloud technology first as opposed to on-premises servers or software. According to the report, Cloud-First is the strategy for IT in many companies and remains a primary objective. Caution seems to have taken over for others, as the number of organizations with a Cloud-First strategy dropped from 82% to 65% this year. Despite the reported security incidents, respondents with a Cloud-First strategy still believe that public cloud is safer than private cloud.
Sensitive Data Stored in the Cloud
The majority of organizations store some or all of their sensitive data in the public cloud, with only 16% stating that they store no sensitive data in the cloud. The types of data stored run the full range of sensitive and confidential information. Personal customer information is by far the most common, reported by 61% of organizations. Around 40% of respondents also store one or more of internal documentation, payment card information, personal staff data or government identification data. Finally, about 30% keep intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud.
Managing the risk of storing sensitive data in the cloud means ensuring the organization has visibility into it. A focus on fundamental governance and technological steps, such as requiring departments and personnel to participate in asset identification, classification and accountability, helps build visibility. Data Loss Prevention integration with cloud providers, including the use of Cloud Access Security Brokers, manual or automated data classification and other technology steps, will help reduce the risk of sensitive information flows to and through cloud services.
Security Incidents Still Widespread
Prominently, one in four organizations that uses IaaS or SaaS has had data stolen, and one in five has experienced an advanced attack against its public cloud infrastructure. As organizations prepare for the European Union’s General Data Protection Regulation (GDPR), slated for May 2018, they will be ramping up compliance efforts. Organizations that are more confident in the ability of their cloud providers are more likely to have plans to increase their overall cloud investments in the coming year, while those less confident plan to keep their investments at the current level. Fewer than 10% surveyed, on average, anticipate decreasing their cloud investment because of GDPR.
Malware continues to be a concern for all types of organizations and 56% of professionals surveyed said they had tracked a malware infection back to a cloud application, up from 52% in 2016. When asked how the malware was delivered to the organization, just over 25% of the respondents said their cloud malware infections were caused by phishing, followed closely by emails from a known sender, drive-by downloads and downloads by existing malware.
Skills Shortage Decreasing
The shortage of cybersecurity skills and its impact on cloud adoption continues to decrease, as those reporting no skills shortage increased from 15% to 24% this year. Of those still reporting a skills shortage, only 40% have slowed their cloud adoption as a result, compared to 49% last year.
Best Practices and Recommendations
Based on findings from this year’s study, the report concludes with three best practices that all organizations should actively work towards:
DevOps and DevSecOps have been demonstrated to improve code quality and reduce exploits and vulnerabilities. Integrating development, quality assurance and security processes within the business unit or application team is crucial to operating at the speed today’s business environment demands.
Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own. Automation that augments human advantages with machine advantages, such as that found in tools like Chef, Puppet or Ansible, is a fundamental component of modern IT operations.
Multiple management tools make it too easy for something to slip through. A unified management system across multiple clouds with an open integration fabric reduces complexity
April 2018 | CIO&LEADER