Intel report suggests that self-service IT is a huge security risk

FUD? Or substantive risk assessment? Your view might decide where you sit on the enterprise agility continuum.

ethernet cables
Credit: Thinkstock

Ever since cloud computing was introduced a decade or so ago, there has been much gnashing of teeth and wailing about the security risks that the cloud introduced. Back in the old days, these arguments were pretty simple and revolved around control. Since then, however, as cloud adoption has become more widespread, we have had more nuanced views about cloud risks.

But still, there are those traditional IT folks who balk at the very mention of the cloud. To them, cloud is anathema that is diametrically opposed from their stated objective of delivering the best outcome with the highest levels of safety for the business.

Of course, many people would suggest that a significant proportion of those bemoaning the risks of the cloud are actually bemoaning the fact that their career prospects look less rosy in a cloudy world, and that it is self-interest that drives this message.

So given all of this, it is interesting to read a new security report that Intel Security commissioned and which is being released this week to coincide with the RSA security conference. The annual report -- "Building Trust in a Cloud Sky" -- surveyed 2,000 IT professional in 2016 and specifically looked at the current state of cloud adoption, the primary concerns that practitioners have about the cloud and security implications in all of that.

Trust in the cloud on the rise

The trust and perception of public cloud services continues to improve year-over-year. Most organizations view cloud services as secure or more secure than private clouds, and more likely to deliver lower costs of ownership and overall data visibility.

Those that trust public clouds now outnumber those that distrust public clouds by more than 2:1. Improved trust and perception, as well as increased understanding of the risks by senior management, is encouraging more organizations to store sensitive data in the public cloud. Personal customer information is the most likely type of data to be stored in public clouds, kept there by 62% of those surveyed.

MyPOV

About time! To be honest, I'm really wondering what is going on in the heads of the one-third of respondents who have a blanket distrust of the cloud. Have they not realized that mission-critical workloads in every industry and every geography are being driven from the cloud? What's not to trust?

Sure, issues arise, as they do in any IT situation. There is, in my view, no such thing as a "cloud trust issue." There are generally "IT trust issues," and practitioners would be well-advised to remember this.

Risks also rise: Shadow IT and the cybersecurity skill shortage

The ongoing shortage of security skills is continuing to affect cloud deployments. Almost half of the organizations surveyed report that the lack of cybersecurity skills has slowed adoption or usage of cloud services, possibly contributing to the increase in shadow IT activities. Another 36% report that they are experiencing a scarcity but are continuing with their cloud activities regardless. Only 1% of those surveyed state that they do not have a skills shortage.

Due to the ease of procurement, almost 40% of cloud services are now commissioned without the involvement of IT, and unfortunately, visibility of these shadow IT services has dropped from about 50% last year to just under 47% this year. As a result, 65% of IT professionals think that this phenomenon is interfering with their ability to keep the cloud safe and secure. This is not surprising given the amount of sensitive data now being stored in the public cloud and more than half (52%) of respondents reporting they have definitively tracked malware from a cloud SaaS application.

MyPOV

I get nervous every time I hear the term "shadow IT." The term describes the idea that business end users are able to self-provision software or infrastructure for themselves. Instead of the traditional model where a solution was requisitioned from IT, under the utility model that cloud generally follows, all business users need is a credit card and they're good to go.

This is, of course, totally toxic to traditional IT, which wants to be the gatekeeper and controller. Some of this desire is justified and is an attempt to avoid the implications of poor governance, risk and compliance practices. But much is just self-interest. I would suggest that, given the higher levels of visibility that customers get from cloud computing (yes, a generalization, but bear with me), the risks that come with that adoption are generally less than traditional enterprise IT models.

Notwithstanding risk (real or perceived), the fact is that this survey shows that a growing number of organizations are going down a cloud road no matter what. Rather than bemoaning this fact, organizations should work proactively to allow them to do so, but within the context of a safe environment. The days of FUD and turf protection are over and everyone involved in IT needs to realize that.

This article is published as part of the IDG Contributor Network. Want to Join?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Must read: 10 new UI features coming to Windows 10