Intel have produced a very interesting survey on the way businesses perceive the Cloud, what they are looking for whether it is Private or Public and who seems to be the most secure.Below is my summary of the survey’s results.
Intel surveyed 200 IT professionals about a wide variety of cloud topics, including the key business and technology drivers behind their implementation plans, the importance of security in determining how the cloud is implemented, and their level of investment in security as part of cloud initiatives. The respondents were IT professionals in organizations of 100 to 1,000-plus employees across a variety of industries.
- 18% of the companies surveyed already offering cloud services
- 42% are currently in the process of implementing
- 38% are in the evaluation stage
- 4% are planning to evaluate cloud initiatives
Security plays a major role in the selection of a deployment model for 99% of the companies surveyed but only 44% sited security issues as the foundation for their decision making in selecting a private versus public cloud delivery model.
- 80% said the most common drivers of security plans for cloud initiative issues are related to protecting customer, vendor, and employee data
- 76% said protecting servers and other platform/infrastructure resources from attack was the most important
- 72% said it was protecting financial data
- 48% believed that the overall organizational investment in cloud initiatives is security related.
- 52% are deploying the private cloud (or most likely to be utilized)
- 31% prefer a hybrid cloud 11% prefer a public cloud
Security was cited as the biggest concern by 66% of those surveyed about outsourcing some IT to a cloud service provider
Other key findings from the survey include the following:
Implementing security is no easy task
- 60% have experienced moderate challenges
- 22% have experienced major challenges
Security concerns are similar for outsourcing
- For 66% data loss and compromised platform or infrastructure assets are the biggest concerns for IT professionals when it comes to outsourcing to a cloud provider
- For 60% the security capabilities and assurances offered are extremely important to 60% of IT professionals when making a selection.
Trust in cloud service providers is mixed
- 54% of IT professionals have some trust in the ability of their cloud service provider to secure assets in the cloud
- 43% have a great deal of trust
Hardware-based security provides greater assurance
- A cloud service provider with additional hardware-based security measures is viewed as delivering a higher level of security by 78%.
Minor differences by company size
- Data reveals no significant differences in results amongst the range of company sizes in their survey. However, of those companies with 1,000 or more employees, 24% are already offering cloud services, compared to 10% for each of the other segments
Intel asked IT professionals to tell us about security in their current IT environment
- 31% are regularly thwarting 100 or more virus or malware attacks every month
- Companies with 500 or more virtualized servers are more likely to be thwarting an even greater volume of attacks. In this category, approximately 31% report thwarting more than 500 attacks every month, and 24% are thwarting 1,000 or more attacks.
IT professionals report a wide variety of potential security concerns to keep them up at night. Three top the list:
- 62%, attacks targeting specific data types
- 61% attacks of server, platform, and data centre infrastructure assets
- 60% and hackers seeking to gain control of software assets 4. Almost half are concerned about rootkit attacks at the hypervisor level or below, network attacks, and attacks targeting end-point devices
For those organizations with a cloud vendor already in place, controlling access to cloud resources becomes a more significant concern (70% versus 51%).
Cloud computing is considered an important strategic investment by almost all the companies surveyed with
- 18% is already offering cloud services or capabilities
- 76% of those currently evaluating or planning to evaluate expect to implement cloud services within the next year
They asked IT professionals to tell us what technologies they were currently deploying that support a current or planned cloud environment
- 73% are currently using virtualization to consolidate servers and enabling virtual machine (VM) mobility across multiple servers in order to support a cloud
- Nearly half offer automation and metering and chargeback based on usage and enable business units to self-provision resources.
Choice of a Private Cloud
- For 52% of those surveyed a private cloud is the leading deployment model, no matter what phase of implementation
- The Private Cloud is the preference for 63% of those already offering cloud computing
- 51% of those in the implementation phase prefer the Private Cloud
- For those still evaluating the cloud 49% prefer Private Cloud
Public clouds are more likely to get consideration from companies with:
- 500–999 employees (29% versus 5% among smaller and larger companies) Less than 10 worldwide locations (17% versus 5% among companies with 10 or more locations)
- 250–499 virtual servers (31% versus 3% among companies with 500 or more virtual servers)
- Less than $10 million U.S. dollars (USD) in revenue (21% versus 7% among companies with USD $10 million or more)
Although there is a clear preference for delivery model, the same is not true for the cloud service being considered or already implemented. All three of the major services get equal consideration across the survey sample:
- 58% Software as a Service (SaaS)
- 57% Infrastructure as a Service (IaaS)
- 56% Platform as a Service (PaaS)
The IT professionals they surveyed recognized the importance of security across delivery models and for both internal and external implementations. They back up their concern with a high level of investment in security as part of the overall investment in cloud initiatives. For example, when averaged across the sample group 48% of the investment in cloud initiatives is related to security.
Do high-profile security breaches reported in the news have any impact on cloud decision making? When asked to recall recent newsworthy breaches or attacks
- 24% mention the high-profile public security breach of the Sony* PlayStation* Network
- 70% say the breaches they recall have no impact on their decision to move forward with cloud initiatives.
- 30% are on hold while they deepen their evaluation of their security plans and controls
The survey asked respondents to say what they experienced as the greatest challenges to implementing security
- 95% who are already implementing or offering cloud services have experienced slight challenges in implementing security for a private or hybrid cloud
- 22% indicated that they had experienced major challenges
The biggest headache? Data Protection challenges, experienced by 44% of those surveyed
Asked how they overcame their challenges, those surveyed reported that their top method was to increase or upgrade security measures, as well as to research thoroughly and leverage vendor relationships. Other approaches included training, hiring consultants, and increasing budget. A number of companies continue to grapple with unresolved issues.
64% of companies surveyed have had their planning efforts influenced by the following organisations, number 1 being the highest influencer
- Cloud Security Alliance (CSA)
- Open Data Centre Alliance (ODCA) – more than a third
- Trusted Computing Group (TCG)
- Distributed Management Task Force (DMTF)
Of the IT professionals surveyed
- 61% are currently evaluating a cloud service provider
- 23% have selected a cloud service provider
- Most reported that the security component offered by the cloud service provider is important, with 60% considering it extremely important.
The leading concern of those surveyed about outsourcing some IT to a cloud service provider is security – 66%
One in three cited compliance issues related to privacy and regulations as one of their greatest concerns
Among IT professionals who are evaluating or have already chosen a cloud provider
- 54% have some trust in the ability of their cloud service provider to secure assets in the cloud
- 43% have a great deal of trust
- 60% reported that they were extremely or very concerned about the infrastructure their cloud provider uses
- This is even higher for those thwarting 10 or more attacks a month (35% versus 15% for those fighting off fewer attacks)
In this same group
- 68% are concerned about rootkit hypervisor attacks
- 35% are extremely concerned
- Those IT professionals thwarting 10 or more malware attacks per month are twice as likely as those fighting off fewer attacks to be extremely concerned about rootkit hypervisor attacks (40% versus 19%)
Providing the right security assurances goes a long way toward building trust in a cloud service provider
- According to those who have chosen or are evaluating cloud providers, security controls in the platform (74%) are the most common security assurances provided
- Those already using a cloud service provider are significantly more likely to be assured of security controls in the platform than those IT professionals still evaluating vendors (85% versus 70%).
78% believe a cloud service provider with additional hardware-based security measures to reduce some forms of malware provides a higher level of security. This was higher for those companies thwarting 10 or more attacks per month (62% versus 42% for those fighting off fewer attacks).
48% IT professionals report that cloud service providers make their security assurances moderately visible whilst 45% report them as highly visible.
Regular, periodic reports on security incidents (73%) are the most common methods used by vendors to document compliance with privacy or other regulatory requirements, followed by specified level of responsibility for a security breach (60%) and the ability for the organization to conduct compliance audits (60%).
Security Is Foundational to Those Offering Cloud Computing
By far the biggest business and IT drivers for security are protection of data and server platforms. Compared with companies implementing or evaluating cloud computing, those companies already providing cloud-based services are more likely to:
- List their top two IT drivers as the need to protect data (74%) and the need to protect servers and other platform and infrastructure resources from attack (66%)
- Say security was the foundation of their decision for implementing a private cloud initiative versus a public cloud (57% versus 41%
- Report high visibility into the security assurance provided by cloud service providers (67% versus 40%)
- Have considered or implemented SaaS over PaaS or IaaS (86% versus 52% of those implementing or evaluating cloud services)
- Be deploying technology that enables business units to self-provision resources (71% versus 44%)
- Have an enterprise-class data centre (60% versus 21%) with more than 500 virtualized servers (34% versus 13%)
- Be from companies with more than 1,000 employees (24% versus 10%)
High Level of Concern about Security in the Early Planning Stages
Those evaluating or planning to evaluate cloud computing are inclined to be significantly more worried about security than those already offering services or in the implementation stage. Those in the earlier stages tend to be:
- Driven most by the need to protect data (87%) and to protect servers and other platform and infrastructure resources from attack (76%)
- Least confident that their current network and data centre assets are adequately protected (43% very confident versus 64% not confident)
- Able to recall more high-profile breaches and attacks (55% versus 33%)
- Least trusting of the ability of cloud service providers to secure their assets in the cloud (20% have a great deal of trust versus 58%)
- Least likely to be influenced by industry standards groups
Midsize Companies Are Implementing Cloud Initiatives
Now In the sample group, those in the process of implementing cloud computing are inclined to be from midsize companies with 100–999 employees. They tend to be:
- Driven more than any other stage of implementation category by the need to protect servers and other platform and infrastructure resources from attack (81%) and to protect data (75%)
- More likely to consider a public cloud (23% versus 2% of those already offering services or in the planning and evaluation stage)
- More likely to have a localized or regional data centre (57% versus 41% of those already
For further information visit the Intel web site here.