Security Concerns Impede Cloud Adoption

Security Concerns Impede Cloud Adoption

Cloud computing is changing how IT is consumed. The expectation of cloud is 'build faster and run better at a lower cost.' At the same time, the change required, coupled with the complexity and confusion in moving to cloud, represents the biggest IT challenge in decades.

While the mantra 'cloud first' is becoming the 'new normal' for many organizations, significant challenges remain for organizations making this shift - especially those in regulated industries.

Atop the list of key concerns and inhibitors for cloud adoption according to ongoing 451 Alliance survey data - security is the top inhibitor to cloud adoption.



Security Advantages of Public Cloud

Security encompasses the physical IT assets, availability of services, data governance, data protection and more.

Public clouds, such as Amazon's AWS and Microsoft's Azure, are extremely secure because providers have a vested business interest in being as durable as possible.

Advantages of public cloud services include:

Access to a large pool of skilled experts that identify, contain and eradicate security threats

Availability of incident response and malware protection

Performance analysis through security intelligence systems powered by massive compute resources and data sets

Choice of multiple deployment models and disaster-recovery profiles (e.g., hot, warm and cold)

Embedded security intelligence in 'as-a-service' operations

Alerts to subscribers of potential hazards and attacks

Public Cloud - A Shared Security Model

Amazon, Microsoft, Google and other hyperscalers have never lost a significant amount of customer data because they are only responsible for providing the platform, not for holding users' hands.

Contrast this with a private cloud, where enterprises weigh security in balance with other considerations in the overall investment. It's far more likely that enterprises will cut corners or suffer from security inexperience.

Public cloud providers' security strategies eliminate as much inconsistency and variability as possible. This includes a clear demarcation between customer responsibilities and provider responsibilities.

Demarcation of responsibility is a key differentiator between public and private clouds.

Hyperscalers have a shared security model that puts this responsibility on end users. Cloud providers can secure the infrastructure itself, but end users are obligated to integrate security measures on their own to protect applications and workloads.

Users can fail by running insecure applications or making poor security choices.

Public cloud providers make their living by removing uncertainty from infrastructure - not from people.

Cloud is a Work in Progress

Most companies are not cloud-native, but as they make the shift to cloud they face challenges that require a new approach to security. It requires a comprehensive, proactive and adaptive threat protection model that is embedded into the fabric of the business.

Every company has its own unique risk profile, which is the result of being in a particular industry or geography. That profile will reflect whatever legacy, organizational, or institutionalized policies and behaviors are inherent to that company.

This ultimately is gating their use (or lack of use) of public cloud.




To receive more articles like this, join the 451 Global Digital Infrastructure Alliance. The 451 Alliance is a member-driven 'think tank' comprised of a worldwide network of highly-qualified enterprise technology and IT professionals. The Alliance tracks changes in corporate IT and digital infrastructure technologies well in advance of other sources and reports findings directly to its members.

Thanks to our partnership we are able to offer our members a complimentary membership. Membership includes access to 451 Alliance's weekly research reports and a bi-weekly newsletters. Join now!

Opinions expressed by the author are not necessarily those of WITI.