Medium and large enterprises have mixed feelings about cloud infrastructure security according to a new survey conducted by Clutch, a leading B2B research firm. While 22% of enterprises ranked security as the number one cloud computing benefit, 31% also identified security as the most prevalent challenge.
What is clear, however, is that security concerns are not stopping organizations from investing aggressively in cloud: 90% of enterprises plan to increase or maintain annual spending on cloud computing this year.
David Linthicum, SVP at CTP, spoke with Sarah Patrick, the analyst behind the survey. His insights give context to the survey findings on cloud infrastructure security and enterprise cloud computing.
Are you surprised that respondents identified security as a primary benefit of cloud computing for enterprises?
I am surprised, because many companies don’t yet understand that cloud systems are often more secure than the traditional on-premise systems they replace.
Because of the cloud’s state-of-the-art security, hackers are more likely to go after the on-premise systems. We have seen this with Home Depot and Sony, among other large-scale hacks that occurred in 2015.
All major public cloud providers, including AWS, Microsoft and Google, are typically much more secure than on-premise systems.
How does cloud infrastructure offer enterprises better security?
Cloud services use built-in encryption that is fundamentally more advanced than those of most on-premise solutions. Matching cloud encryption levels requires a lot of additional cost, effort and expertise.
In what ways is cloud infrastructure more secure than legacy systems?
Public clouds are monitored 24-7, 365 days a year, by both humans and machines that are making sure security breaches do not occur. And, if security concerns do arise, they are corrected as quickly as possible. In this way, the security systems are very sophisticated. Some examples of important components of cloud security are:
- Governance & Monitoring
- Proactive management
The cloud also stays up-to-date at all times in terms of security practices and new technologies, because it is managed centrally. Legacy systems on the other hand, are more difficult to keep updated because enterprises may have to go around to several hundred thousand platforms to check and update security systems. So it’s easier for legacy systems to fall behind in terms of updates.
How can cloud computing service providers communicate the level of security their services offer?
Vendors could do a better job of communicating use cases. It’s one thing to talk about security features, but we need more positive use cases to share how companies are succeeding securely in the cloud.
In what ways does cloud increase efficiency in the enterprise environment?
The cloud increases enterprise efficiency in a number of ways.
First, cloud is typically more cost-effective. Instead of buying hardware and software, which are large expenses, a company can rent software and resources from a cloud service, and these resources are scalable. The cloud also provides huge soft cost savings in terms of increased agility, improved productivity and reduced risk.
Second, the cloud enables centralized operations, applications and data management. Centralization provides agility, and ultimately reduces costs. With the cloud, a company can add and delete workloads and allocate resources as needed, nearly instantaneously. The cloud removes the latency inherent in many business processes.
What are the main costs factors for moving to the cloud?
Higher implementation cost will pay off in the long-term. Here’s a rough breakdown:
- Humans – There is a learning curve, as with any type of technology. An enterprise has to put in the money initially that will lead to the human knowledge required to make the cloud sustainable in the business environment.
- Mistakes – In the initial stages, companies may need to use a process of trial-and-error to figure out which cloud services to leverage.
- Security and Governance Planning – There is often more security and governance planning required than organizations initially think when implementing the cloud.
What are the most frequently used security standards?
CSA (Cloud Security Alliance) is top of mind. CSA resides on the cloud, and there are active organizations that work on standards related to how to secure a cloud-based system.
Standards and compliances for a particular business or industry also make sense. These standards determine how businesses deal with audits and internal processes, such as Sarbanes Oxley, HIPAA and PCI information.
ISO is also a popular standard.
What factors should enterprise companies consider when selecting a cloud computing service provider?
- Viability in the Market (i.e., presence around the world) – Are these enterprises going to be around in five years in the same state, or will they have to abandon a service and start over in the future?
- Features and Functions – Are they able to give me the type and quality of service my company needs in comparison to other providers?
- Performance Record — How many outages has the cloud service had? Were they proactive and communicative when these difficulties arose? How much did the outage cost the cloud vendor and the enterprise using the vendor?
- Ability to Maintain Service Level Agreements (SLAs) — Is the service able to reimburse clients upon not meeting the SLAs?
Why should you bring in external help for your cloud implementation?
Cloud professional services firms have pre-established processes for cloud implementations and often a better knowledge base because they work across industries. The experience and additional resources these firms bring to clients enables them to move to the cloud faster, more safely and, ultimately, more successfully than if they made the journey on their own.