Security is credited as the main reason big companies tend to go more for internal private clouds rather than external clouds; not just in Symantec's surveys. In others from Forrester, Gartner and The451 group as well.
Security is also cited most often as the reason both small and large companies have been putting mainly marketing apps, marketing people and application test/development staffs on cloud systems rather than departments they consider "critical" to the rest of the company. (Not often cited but true nevertheless, that ranking is responsible for double-digit increases in depression among marketers and test/dev managers who realize they've been ostracized. Depression is only noticeable among smile-all-the-time marketers, however. In test/dev the hands-on crew are all too busy breaking things to not have fun and the managers are already so beaten up one more shot at the ego has little incremental effect.)
Almost three quarters of cloud users don't do their own security on external clouds
Why is security such a big deal?
Could it be the hand-off, power-without-effort, auto-magical aspect of cloud computing (which is, mainly confined to the sales pitch, not the products or implementation)?
Is it significant that, even though security is the No. 1 concern (with a bullet) IT people have about cloud computing, 72 percent of companies already using external cloud providers cannot or do not take control of security on their own cloud-based servers?
That tidbit is from an upcoming survey from CloudPassage, a firewall- and intrusion-detection vendor that takes the odd approach of making cloud systems secure by adding more cloud to them, by selling its multilayer security software as a subscription service (SaaS) rather than as traditional software.
- According to CloudPassage's survey of IT people:
- 31.2 percent of companies let their cloud provider handle all the security;
- 21.3 percent do cloud-server security themselves, but manually rather than automated or by policy;
- 20 percent don't secure cloud-based servers at all.
I realize I said not too long ago that, as a specific technology, cloud computing doesn't exist.
I still believe that's true, but not to the extent that servers running in the cloud don't have to be secured or maintained because, in the cloud, the don't really exist or can't be found by bad guys. Metaphors like "cloud computing" are wonderful ways to shorhand complex concepts, but they're not good as hiding places for actual servers.