IT organizations are slowly but surely warming up to public cloud adoption. Overall, IT decision makers are growing more comfortable with hybrid environments, deploying multiple public cloud services along with more traditional on-premises infrastructure.
Respondents to a recent global study by Vanson Bourne have, on average, nearly 40% of their infrastructure in the public cloud now. Over the next five years, this is expected to rise to 70% (Click on the images below for larger view).
Motivated by the potential to scale IT capabilities without the cost and complexity of on-premises equipment, four in 10 organizations polled in the study plan to expand services deployed in the public cloud.
Another survey conducted by TechValidate last year found that email has marked many companies’ first foray into the public cloud, followed by web applications. The majority of respondents to this survey saw a return on investment within six months while others saw a return within the first year. A few drew an immediate return.
Strikingly, the influence of IT professionals at the director level and even admin-level IT behind cloud migrations offers a clear indication that the computing model has become mainstream and quickly expanding beyond hosted email. Further evidence of this is the consistency of adoption drivers – cost savings, scalability and simplified IT. Nearly all the respondents in the recent study have reaped these benefits.
These benefits also explain why 92% of organizations in an Osterman Research survey store sensitive corporate data in cloud-based services like Salesforce, Office 365 and Dropbox.
However, cloud adopters, especially in the public domain, constantly contend with new attack vectors that need to be mitigated.
In the Vanson Bourne study, 91% of respondents had concerns over their use of public cloud, with 54% mainly concerned about cybersecurity risks (Click chart on the right). Each organization had seen five attacks on average and 56% of the 450 Asia Pacific respondents polled had been targeted.
“The challenges in migrating legacy security appliances and architectures require having the right infrastructure for securing hybrid cloud solutions,” said Hatem Naguib, senior vice president and general manager of Security at Barracuda Networks, which commissioned the studies. “Organizations need to select cloud-ready security solutions that are designed for the new architectures and capabilities enabled by public and hybrid cloud adoption.”
More organizations also need clarity on the shared responsibility security model – which typically dictates which security controls are the responsibility of the cloud service provider (CSP) and which are of the customer – because of its implication to their data and applications. For example, Amazon Web Services (AWS) takes responsibility for the access and control of components that make up the cloud – such as the global infrastructure elements; hardware, database and networking components; and other data center facilities – while the customer is responsible for any data or applications put into the cloud.
Strategically, the growing proportion of corporate data residing in the cloud – and threats that increasingly exploit application vulnerabilities and people – compel organizations to rethink their traditional, perimeter-focused security models.
In seeking to tap on the unique strengths of each CSP to bolster security and minimize costs, many organizations often end up engaging multiple CSPs while managing an on-premises infrastructure. Organizations then have to weigh, understand and leverage different licensing options – by usage, per hour, unlimited, etc. – to better control costs.
Here, Barracuda Networks advise organizations to “look for third parties who support a wide range of ecosystems with the same or similar solutions to reduce complexity and overall costs” and to select vendors who can “provide a common management scheme – either in their products or using public cloud security infrastructures – to simplify managing and monitoring ongoing security”.
Further, Osterman Research advocates the following best practices:
Undertake a risk-based assessment based on an end-to-end security audit of systems and security to identify what to protect, the security mechanisms in place and where new threats are likely to emerge
Determine the shared responsibility security model with the CSP and look for ways to unify the security approach across on-premises systems and the various cloud services
Ensure the basics are done right, particularly people as a key vector of attack
The bottomline is that organizations have numerous choices to enhance their cloud security. So, picking the right security vendor has become one of the highest priorities for both IT and business decision makers to unlock the benefits of public cloud.
Organizations need the agility to securely extend their capabilities beyond on-premises resources to leverage the innovations that CSPs build into their infrastructures. Addressing growing hybrid infrastructures, Barracuda ensures that its on-premises and cloud solutions collaborate seamlessly to protect data and applications wherever they reside, including cloud options such as Microsoft Azure, Amazon Web Services and VMware vCloud Air.
This is a QuestexAsia feature commissioned by Barracuda Networks.