The age of cascade development and long drawn out software…
The secure use of cloud-based services
There are few organisations left that believe they can hold back the tide of cloud-based services flowing into their
businesses. For many organisations, the use cases are now overwhelming and the choice is not whether to accept
cloud-based services, but how well prepared they are for their use.
Cloud enthusiasts, avoiders and the middle ground
With regard to their attitude to the use of cloud-based services organisations can be placed in one
of four broad categories. At one extreme are outright enthusiasts whilst at the other are avoiders
that shun such services. In-between are case-by-case users that deploy cloud services in a
controlled way and supplementary users that take a more casual approach.
Public cloud services will prevail
Since similar Quocirca research was conducted two years ago there has been a dramatic change.
The proportion of UK businesses classing themselves as enthusiasts has doubled from 19% to 38%;
avoiders have declined by two thirds from 23% to 10%. In-between casual supplementary use is
giving way to controlled case-by-case use.
For many the case for cloud is overwhelming
The change is being driven by a number of positive use cases for cloud that make the direction of
travel inevitable. These include on tap infrastructure to avoid over (or under) investment, the
support for live-in-the-cloud business processes and the outsourcing of utility applications to third
party specialists. If IT management does not support the move, lines of business will drive it
anyway through shadow IT.
The value of knowledge and coordination
The confidence to use cloud-services is associated with confidence in IT security. This is driven by a
number of factors including improved user knowledge and the ability to co-ordinate security policy
and the response to incidents. These factors, together with investment in a range of advanced
security capabilities, all have positive correlation with enthusiasm for cloud.
A wide range of security capabilities are deployed
The current research looked into the use of a wide range of security capabilities. These include
general data protection measures (such as data loss prevention), user end point security and
capabilities aimed more specifically at cloud use (such as secure proxies, policy-based encryption
and access rights). In most cases cloud enthusiasts were the most likely to place the highest value
of these security technologies.
Confidence in security is highest at the extremes
Enthusiasts of cloud services prepare the ground by investing in security on a broad front as an
enabler. Avoiders invest too, but mainly in security measures that can block use, for example
through end-point controls. Supplementary users are the least likely to have invested in most given
security capabilities, whilst case-by-case users, like avoiders, focus in on end-point controls and
secure login for the specific use cases they allow.
Motivators for investment in security vary by attitude
For all organisations, the top motivator for investment in security is regulatory compliance.
However, cloud avoiders are most likely to cite this as the top issue, along with the insider threat.
For case-by-case users customer compliance is high on the list, whilst for enthusiasts supporting
external users and preventing hacking come to the fore as they expand their attack surface
through their more open approach to the world.
The business case for the use of many cloud services is now so strong that if IT departments try to stem use, users will work their
way around the measures that are put in place. IT management is there to enable the business and its role is to facilitate use
through putting in place a security platform that gives them the confidence to move from saying “no” to saying we “know” who is
doing what with our data.
Read the full report here: http://quocirca.com/content/no-know-secure-use-cloud-based-services