As the world awaits the fate of NSA’s Edward Snowden – traitor or whistleblower – both Gartner and IDC have released new numbers highlighting the rampant adoption of cloud-based computing. According to Gartner, end-user spending on public cloud services is expected to grow 18% in 2013 to $131 billion, shooting up to more than $180 billion by 2015. IDC is even more bullish, predicting a 26% compound annual growth rate for public cloud services through 2015, albeit starting on a smaller base. It predicts that by then 15% of all IT expenditures for software, servers and storage will be through the public cloud.
This cloud love fest makes the growing concern about security and trust in the cloud a potentially significant roadblock. Last week the Cloud Security Alliance – 48,000 individual members and 70 chapters globally – announced the results of it survey on government access to information, as well as more than 30 entries from major cloud providers have been made to its Security, Trust and Assurance Registry (STAR).
More than half (56%) of non-US residents were now less likely to use US-based cloud providers, in light of recent revelations about government access to customer information. An overwhelming 90% of respondents said that companies who have been subpoenaed through provisions of the Patriot Act should be able to publish summary information about the amount of responses they have made.
“Transparency has always been a significant part of the CSA’s vision, and today this objective is more critical than ever,” said CSA co-founder and executive director Jim Reavis in a prepared statement. “Our goal with our research efforts, and with the CSA STAR program, is to continue to encourage transparency of security practices within cloud providers.”
Security and risk are much bigger problems than many realize, according to Rajiv Gupta, CEO, Skyhigh Networks, a CSA member. In an earlier interview with IT Trends & Analysis, the developer of cloud visibility and control offerings said organizations are adopting a range of cloud services for analytics, collaboration, CRM, development, project management, social media, storage and more. However, while these services can enhance business agility, improve employee productivity, and reduce costs, they are too often unsanctioned services – i.e. Shadow IT – that create blind spots for IT departments that can put corporate data at risk and threaten an organization’s ability to comply with regulations.
“The reason why our employees and lines of business are using these services are because they’re high value,” said Gupta. “They don’t have to wait months: $20 on my credit card and I get it today.”
He said in 2012 survey of IT Managers, 47% said that at least half of the corporate IT spend was Shadow IT. One customer reported that they thought their employees were using between 25-30 cloud services, but on average they were using between 300-400. Another customer found a 10X discrepancy between authorized and actual usage.
“We have more than 2,500 different cloud services in our cloud registry, and we are adding 500 new services every six weeks.” Stopping employees from going around IT to use these services is like playing whack-a-mole, he said. Every time you block one, six more crop up.
Gupta said by 2016, 25% of enterprises will secure access to cloud services using such software as that created by Skyhigh. That’s a significant jump from the less than 1% in 2012.
However, until organizations devote more resources to securing their cloud use, many companies won’t even know they have a problem, some will know, but not the scope, while others will know, but not how to control them, said Gupta.