Cloud security is an issue, but it won't 'kill' the cloud

Despite risks, cloud adoption isn't slowing down

In the tech media, there is an IT "Game of Thrones" in progress, but the "killing" is mostly unwarranted. Supposedly, security will kill the cloud, the cloud will kill the CIO, Apple may kill passwords and, of course, BYOD and IT will try to kill each other.

While this might make a riveting HBO series (for a very niche audience), these are mostly empty threats - especially the death of the cloud. We've witnessed enough cyber attacks and privacy violations to know that security is an issue for IT systems on and off the cloud. Although many enterprises are skittish about the cloud, facts on the ground have effectively ended the debate.

The average company used 831 cloud services in Q3 2014, according to Skyhigh Networks' Cloud Adoption & Risk Report, which surveyed 13 million users from 350 organizations. Furthermore, Gigaom Research's recent survey of 500 IT decision-makers found that 71% of strategic buyers now use SaaS products, citing scalability, cost and business agility as the most important drivers. To be fair, 65% of respondents also said that security is the most important "inhibitor" to adopting cloud services.

What this means for IT

IT departments are well equipped to evaluate the security risks of SaaS products, which is why adoption continues to rise despite the acknowledged risks. Still, the scariest security blind spots have always been "rogue" IT deployments purchased and configured by marketers, salespeople and others who signed up for services without consulting IT.

In 2015 and 2016, I believe we'll see a slowdown in rogue behavior, because for the last several years, non-IT departments have overindulged in the cloud. Now that rogue departments have the services they want, they are holding off from adding new ones. In many cases, these departments have run into issues integrating, configuring or managing their cloud services, so they are starting to look to IT for help.

IT departments will have the opportunity to take ownership of these cloud services, and then implement security measures and policies. If IT is really smart, they will also improve these cloud services and make them even more useful. Rogue departments will realize that when they do need additional cloud products, talking to IT produces a much better outcome.

What about the customer?

Of course, this win-win scenario depends on IT departments approaching end users as customers. Sooner rather than later, IT needs to not only add value to cloud services but take the lead in finding new ones.

Cloud providers should be going out of their way to help IT departments test for security. Regardless of the testing that cloud providers routinely conduct, their customers are hiring third parties to perform security audits, and these services are very expensive. The same way in which ISPs provide tools for testing internet speeds and capabilities, cloud providers also need to invest in tools or services that help customers test and improve security. This will help the entire cloud industry build trust and prevent security disasters that might undermine it.

In 2015, there will be plenty of security failures, but they will not invalidate or kill the cloud. Adoption will continue to grow. Now that cloud is widespread, and departments have many of the services they want, IT will be able to take ownership of security and minimize future risks. The cloud will not be 'killed off' in IT Game of Thrones.

  • Sarah Lahav is the CEO of SysAid