Where your colleagues stand with the cloud – and what has them worried


There’s no shortage of options when it comes to the cloud. So which are your peers turning to? And what are their biggest concerns? A new survey has the answers. 

According to a SANS Institute and CloudPassage survey, the overwhelming majority of IT pros rely on either a hybrid (40%) or private (38%) cloud model as their primary architecture. That eclipses the public model.

And what are they doing with the cloud? For most, the use was for software-as-a-service (SaaS), or cloud applications. Fifty-nine percent of respondents are using SaaS currently, and another 22% plan to implement it in the next year.

What’s going in the cloud?

Of course, cloud storage remains one of the selling points of the platform. Companies are using this tool to store a variety of sensitive data and information, including:

  • business intelligence (52%)
  • financial and accounting records (52%)
  • employee records (48%)
  • customer personal information (40%), and
  • intellectual property (35%).

These records are subject to a variety of privacy laws, including:

  • the Payment Card Industry Data Security Standard (49%)
  • Sarbanes-Oxley (39%)
  • local or state jurisdiction laws (38%), and
  • HIPAA (37%).

And that was a big concern for the IT pros surveyed. A full 72% of those who responded cited compliance as a major concern.

Depending on how you look at it, that’s either much easier or much more difficult to maintain with the cloud. On the one hand, most organizations are hard-pressed for time and resources, which could make managing and securing sensitive data daunting. Most providers are probably used to accommodating these requests and have staffs that are capable of securing the data in line with regulators’ requirements.

On the other hand, there’s something to be said for having control of this sensitive data yourself. In that situation, the risk may be yours, but so is the certainty that you’re actually getting the protection you need.

Other concerns

Compliance was far from the only concern that respondents had about their cloud services.

Others included:

  • Lack of incident response support, with lack of visibility cited (48%)
  • Lack of VM and workload visibility (46%), and
  • Provider-introduced vulnerabilities resulting in a breach or incident (26%).

There’s no one answer as to whether these risks would be untenable for your organization. But in the meantime, they give some good insight on what to ask providers before signing or extending a contract.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy