So, that’s that then. The cloud is no longer the hottest topic in technology. However, one thing regarding the adoption of cloud computing: while it’s widespread, usage isn’t as ubiquitous as initially promised.
There are, of course, many reasons for this. If we listen to the initial surveys regarding the barriers to cloud adoption, the topic of security certainly appears top of mind. One of the biggest questions we have is when exactly will we have ubiquitous usage? By ubiquitous we are referring to its use in environments classified as high risk.
A recent study we conducted with the Cloud Security Alliance shows that the ubiquitous use of cloud is only just around the corner, and the implications are potentially significant, depending on your current job role. One of the key questions we asked was this:
When do you think 80% of your organization’s IT budget will comprise cloud computing services?
I will be honest, and admit that if I had to guess, I would have said perhaps 3-5 years. Oh, and for some countries (you know who you are) I might have even guessed “never!” In fact, the term “never” would have actually proceeded with “Over my dead body!” Well, okay that is a little exaggeration, but you get the point. I have asked security professionals when they will hand over control to third parties, and the response is often negative. However, this particular survey of 1,200 IT Security Practitioners revealed the following answers (in months):
Your eyes are not deceiving you. Respondents are basically saying that 80% of their IT spend will comprise the cloud within 1-2 years (with one notable exception!) If we look at CISO’s responses only their timeline is even more aggressive at 12 months. I have to be entirely honest and admit that I will be surprised if adoption is this quick. However, the responses do show intent.
While the challenges of cloud adoption are well documented, one thing is perfectly clear: businesses are actively looking at migrating away from on-premises to entrusting third parties to look after their digital assets. The implications for this migration are significant. I remember asking Jim Reavis, Founder of the Cloud Security Alliance, about this in a panel we conducted a few years ago. In particular, I asked about the type of skills security practitioners will need in the future. His response for the audience was somewhat alarming. Consider this: if 80% of the computing resources are hosted by third parties, then what is the need for internal technical resources? Will the skills needed by an enterprise IT department become analytical in nature, in order to verify that the service meets the required SLAs? As an industry we worry about how we can address the cyber-skills shortage, and the above suggests that it will simply be outsourced.
Whether the cloud migration will occur within the next year remains to be seen, but one thing is for sure. We need to begin addressing not only how we preserve the required level of transparency within a third-party computing platform, but also how we individually ensure we have the necessary skills for an environment that will look completely different than what we see today.