Research report

Cloud 2020:

Cloud Accelerates with Urgency

Advancing the shift to second-generation cloud for a changed world

Three

No fear: Cloud security promotes mission-critical migration

Not so long ago, concerns about lax cloud security prevented many CIOs and IT directors from giving public cloud migration the green light—especially when it came to their mission-critical applications. Security challenges haven’t gone away, but confidence in cloud cybersecurity defenses has increased.

More than half of firms in the survey (52 percent) say their cybersecurity has benefited from cloud deployment (see Figure 11a). And 63 percent say the cloud environment has improved their protection from cyberattacks without threatening the integrity of mission-critical workloads (see Figure 11b).

"The hesitancy customers used to have about moving to [the] cloud due to security concerns has largely passed," says Oracle’s Fred Kost. "Now, most tell us they think security in the cloud is better than the security they can provide in their data centers."

This positivity helps to explain why more than half (53 percent) of respondents say their firms have moved most or all of their mission-critical workloads and applications to the cloud.

Figures 11a. & 11b. Cloud’s effect on security

Figure 11a: The impact that our approach to cloud technology has had on cybersecurity

Figure 11b: The cloud gives improved protection from cyberattacks without threatening the stability and availability of mission-critical workloads


“In the vast majority of cases, you're going to achieve a much higher level of security and more resilience if you put your mission-critical applications in the cloud,” says Dr. Gerard Gorman, reader in computational science at Imperial College London. He adds: “This is because cloud companies tend to invest much more in security and compliance than any other business. At the flick of a switch, services can be replicated across multiple regions, providing higher performance and redundancy in the event of outages.”

Deloitte's David Linthicum, meanwhile, says that this extends to the cloud native development environment. “One of the greatest advantages of cloud native is security,” he says. “For instance, by using native identity access management capabilities, for example, you’re able to operate in a much more secure environment than on premises.”

Of course, the definition of mission-critical differs from one business to another. Among the surveyed firms, it’s most likely to refer to development and testing of applications, ERP systems, and marketing and CRM applications (see Figure 12).

Figure 12. Mission-critical workloads and applications that have been prioritized for cloud deployment

Note: Respondents were asked to select all that apply.

Threats old and new

None of this means, however, that businesses can relax: cyberthreats haven’t gone away. Our respondents recognize this: when we asked them which developments would most help their organizations enhance their cloud approaches in the next five years, 15 percent (their top response) sought an improvement in security capabilities.

And it should come as no surprise that security is respondents’ biggest challenge to implementing their overall approaches to the cloud. Security concerns are cited by one-third (34 percent) of firms, with other challenges including ineffective transition strategies, compliance issues, and skills gaps. But this might simply reflect how seriously they take the protection of their assets—in the cloud or elsewhere. After all, it is those senior executives—especially CIOs and CISOs—who are responsible for the security of their firms’ data.

Security technologies with built-in automation for the cloud will help companies to address threats more effectively, supported by AI and ML. But Oracle’s Kost warns that cyberattackers are using these same technologies to build more-sophisticated threats for their own purposes. “We must be able to defend against attacks at scale,” he says.

Ultimately, however, the biggest threats to security are internal. Oracle predicts that, by 2025, 80 percent of security attacks will originate from inside the enterprise.[3] Many of these “attacks” will take the form of security misconfigurations caused by human error, which in turn open up vulnerabilities that attackers are able to exploit.

For these reasons, 87 percent of IT professionals see AI and ML capabilities as a must-have for new security purchases.[4] And while three-quarters of those IT professionals view the public cloud as more secure than their own data centers, 92 percent do not trust that their organization is well prepared to secure public cloud services.[5]

Imagine being able to combat those threats by using autonomous technologies that can automatically apply patches and validate system integrity around the clock. That’s the benefit of second-generation cloud.

 

“We must be able to defend attacks at scale made by attackers that are using these same advanced technologies.”

Fred Kost, Vice President of Product Marketing—Security, Oracle