Cloud computing is becoming mainstream, and whether they know it or not, virtually all businesses around the world have some data in the cloud. Even major financial institutions are moving data to the cloud. Speaking at the 2015 Tectonic Summit, J Ram, who serves as managing director at Goldman Sachs where he heads up the cloud platform business unit, told attendees about 85 percent of the company's workloads are now operating in a cloud framework.
"Survey Analysis: How Cloud Adoption Trends Differ by Geography" (A May 2016 Gartner report) looks at cloud usage in North America, Asia Pacific Japan (APJ), Latin America and Western Europe, and reports "that adoption of cloud services across all regions is strong, with more than 90 percent of of each region indicating they had deployed a cloud service by the end of 2015." However, we believe those figures don't account for Shadow IT, cloud services – including apps like DropBox, personal email accounts and other applications – used by business units and employees without the knowledge or control of the business's IT organisation. If the proper controls are not in place, cloud services are probably in use in some fashion in every organisation.
Although some private data does not belong in the cloud, in general cloud computing makes good business sense because it's more economical than housing data. With cloud computing, organisations no longer need to buy technology they rarely use. When systems are in the datacentre they are often sized for peak loads, such as student registration season, public holidays or other promotional periods, and then might operate at very little load for most of the year. Cloud customers can scale their infrastructure up and down with the load, and can lease equipment rather than buy it so they only pay for what they use.
Before the cloud, organisations would often purchase three complete systems for a new project: one for production, one for development and testing, and one for quality assurance. They might also have bought additional systems for business continuity. Typically, once a project went live the use of the non-production system was very low. The system was still in a business's datacentre consuming power and cooling costs, and was consuming employees' time to keep them patched and running with no business benefit. Whereas it might be hard to determine the cost of housing such a system on premises, cloud customers receive a monthly bill showing all usage and costs, allowing customers to determine the business value of a system and whether or not it should be turned on at all or only when actually needed, such as during normal business hours. Additionally, cloud service providers provide business continuity so customers don't need to purchase a system sitting in a datacentre in case a disaster happens. As well as saving costs, cloud saves time as businesses no longer have to wait for the IT department to purchase hardware to provide services they require.
Although cloud services handle much of the heavy lifting of computing, businesses are still responsible for taking part in securing their data. Cloud providers like AWS clearly state that security is a shared responsibility model. Cloud providers ensure the "security of the cloud," but customers are responsible for "security in the cloud." Wherever your data resides in the cloud, even if it is there because employees are using cloud services without your knowledge, you are held responsible for securing your customers' data and for maintaining compliance just as you are when data resides in your datacentre. SecureWorks helps organisations secure data in the cloud and control Shadow IT, providing the same type of services we have been providing for the past 17 years. Using our Counter Threat Platform (CTP), which consists of advanced analytics, machine learning, expert system correlation, global threat intelligence, and applied intelligence based on an organisation's industry, SecureWorks provides an early warning system for evolving cyber threats to help prevent, detect and rapidly respond to cyberattacks.