Have Cyber Security Concerns Slowed Progress For Cloud Services?



Dan Gunderman
01/11/2018

Despite the emergence of big names in cloud computing services – say, Google Cloud or Amazon Web Services (AWS) – there still appears to be hesitancy amongst security teams to fully embrace the new technology.

But hope is not all lost for the cloud – not by a long shot. A majority of respondents to a recent survey – of 90 organizations across industries – carried out by the consulting company McKinsey, suggested that they will likely embrace cloud computing in the near future.

Despite cloud’s appearance in numerous headlines, industry forecasts and the heightened convenience of reducing overhead and removing internal hardware, many organizations are still undecided on full migration. The reason that McKinsey cites: security issues.

According to the survey, in findings also relayed by the Business Insider, the organizational pace toward public clouds (and away from private servers) has been slow. Just 40% of the responding companies had more than 10% of their workloads on public clouds.

Respondents appear to have chosen cyber security as the biggest cloud taboo. Yet, as mentioned, the tides appear to be changing.

See Related: Top Tips For Optimizing Mobile Security In The Enterprise

In its report, McKinsey writes, “Despite the benefits of public-cloud platforms, persistent concerns about cyber security for the public cloud have deterred companies from accelerating the migration of their workloads to the cloud.”

It continues: “Executives cited security as one of the top barriers to cloud migration, along with the complexity of managing change and the difficulty of making a compelling business case for cloud adoption.”

So, a part of the battle lies in the potential disconnect between the security team and senior-level management – an issue long plaguing the cyber security space.

Although the motion has been sluggish, 80% of the companies are planning to place more than 10% of their workloads onto public cloud systems or plan to double their use of cloud services in the next three years, according to the report.

In another key statistic, according to a recent survey from LogicMonitor, 83% of enterprise workloads are projected to be in the cloud by 2020. This is a mix of public platforms, private cloud or hybrid cloud. Also, the survey suggests that on-premises workloads will shrink from 37% today to 27% by 2020.

So, has a heightened trust of the services emerged?

See Related: Evaluating Risk Leads To Proactive Security Practices

The McKinsey study reads, “Interestingly, our research with chief information security officers (CISOs) highlights that they have moved beyond the question, ‘Is the cloud secure?’ In many cases they acknowledge that cloud-service providers’ (CSPs) security resources dwarf their own, and are now asking how they can consume cloud services in a secure way, given that many of their existing security practices and architectures may be less effective in the cloud.”

It continues, “Some on-premises controls (such as security logging) are unlikely to work for public-cloud platforms unless they are reconfigured. Adopting the public cloud can also magnify some types of risks.”

“The speed and flexibility that cloud services provide to developers can also be used, without appropriate configuration governance, to create unprotected environments,” it reads.

The consulting company advises organizations to have a “proactive, systematic approach to adapting their cybersecurity capabilities for the public cloud.”

The statistical findings on the cloud come amid news of the Meltdown and Spectre security flaws revealed last week. The longstanding (20-year) vulnerabilities impact Intel, AMD and ARM chips and can “expose just about every server, desktop system and smartphone,” according to Tech Target. Most notably, though, the same site notes that right in the crosshairs could be servers in large data centers which host cloud computing environments.

Many major cloud providers either assured users that their services were not impacted, or swiftly released security updates, the site notes.