Enterprise cloud adoption and IaaS security

Barracuda Networks and research firm Vanson Bourne polled 300 IT decision makers from organizations across the US on their use of public cloud Infrastructure as a Service (IaaS).

Survey results

Respondents included IT professionals across small, medium, and large-sized organizations, and their answers paint the following picture:

  • Respondents currently run 44 percent of their infrastructure in the public cloud, but expect this percentage to increase to 75.57% in five years
  • 74 percent of respondents state that security concerns restrict their organizations’ migration to the public cloud
  • 77 percent of respondents believe that public cloud providers are responsible for securing customer data in the cloud, and 68 percent of decision makers are under the impression that cloud providers are responsible for securing customer applications as well
  • Despite lack of clarity around the shared responsibility model, 30 percent of organizations have not added additional security layers to their public cloud deployments
  • On average, respondents say that their organization uses three public cloud service providers.
  • Of those who use more than one provider, the most likely reasons for doing so are that different providers have different strengths (68%) and that it increases security (52%)
  • Almost half (46%) of respondents believe that Microsoft Azure has the best public cloud IaaS security offering
  • Amazon Web Services is used by almost half (46%), despite only a fifth of (20%) respondents feeling it has the best data security
  • Almost two thirds (64%) of respondents report that they trust public cloud more than they did five years ago, despite a large proportion not having their security needs completely met.

enterprise cloud adoption IaaS security

  • Two thirds (67%) of respondents say that their organization has added additional security solutions to their public cloud to protect it during access
  • Nearly two thirds (64%) of those whose organization has added additional security solutions say that they route their branch locations’ traffic to their headquarters and then pass it to the cloud using a dedicated MPLS circuit in a central location

    enterprise cloud adoption IaaS security

  • “This survey confirms what we are hearing from customers and partners — security remains a key concern for organizations evaluating public cloud, and there’s confusion over where their part of the shared responsibility model begins and ends,” said Tim Jefferson, vice president, public cloud, Barracuda.

    “Many organizations realize that cloud deployments can be inherently more secure than on-premises deployments because cloud providers are collectively investing more into security controls than they could on their own. However, the organizations benefiting most from public cloud are those that understand that their public cloud provider is not responsible for securing data or applications and are augmenting security with support from third-party vendors.”

    Recommendations

    Many organizations often leverage multiple cloud providers alongside an on-premises infrastructure, which increases complexity. Customers are advised to partner with third-party security vendors who support a wide range of ecosystems with similar solutions, preventing added cost and complication.

    Many organizations weigh cloud licensing options by usage, hourly, or unlimited subscriptions, giving them a better understanding of how to utilize these options for greater cost control. Customers should partner with third parties that offer licensing options that meet their layered security needs.

    Particularly in multi-cloud and hybrid environments, centralized management is critical. Customers should look for vendors that can provide a common management scheme—either in their solutions or using public cloud security infrastructures to simplify managing and monitoring ongoing security.