Intel Security [INTC] released findings in its second annual cloud security report Monday and found that many international information technology (IT) departments think cloud-related cyber security is difficult although they increasingly are trusting adoption of cloud technologies.

The report, Building Trust in a Cloudy Sky, examines the state of cloud adoption, main concerns with private and public cloud services, security implications, and the impact of Shadow IT. The company surveyed over 2,000 IT professionals across industries, countries, and different sized organization in the fall of 2016. Countries covered include Australia, Brazil, Canada, France, Germany, Japan, Mexico, Saudi Arabia, Singapore, the United Arab Emirates, the United Kingdom, and the United States.

iStock Cloud 3

The survey found that trust in public cloud services continues to rise each year and currently trust outstrips distrust by a 2-to-1 margin. It says 62 percent of those surveyed kept personal customer information in the cloud, the most likely type of data to be stored in public clouds.

“The ‘Cloud First’ strategy is now well and truly ensconced into the architecture of many organizations across the world. The desire to move quickly toward cloud computing appears to be on the agenda for most organizations,” Raj Samani, EMEA chief technology officer at Intel Security, said in a statement.

“This year, the average time before respondents thought their IT budgets would be 80 percent cloud-based was 15 months, indicating that Cloud First for many companies is progressing and remains the objective,” he added.

However, 49 percent of the organizations asked reported a lack of cyber security skills has slowed adoption or usage of cloud services. The report says 36 percent also report they are experiencing a scarcity but are still continuing with cloud activities. Only 15 percent of those surveyed said they did not have a cyber security skills shortage.

Intel Security says that because procurement is so easy, now almost 40 percent of cloud services are commissioned without involving an IT department, known as Shadow IT services. Between 2015 and 2016 the amount of those services dropped from 50 to 47 percent. It says 65 percent of IT respondents think Shadow IT activity is interfering with their ability to keep the cloud secure, and related to that, 52 percent of them report that they definitively tracked malware from a cloud Software as a service (SaaS) application.

Intel made several recommendation on cloud security:

  • integrated or unified security solutions that provide visibility across an organization’s services may be the best cyber defense;
  • organizations should use authentication best practices because credentials are the likeliest form of attack on a cloud;
  • security technologies like data loss prevention, encryption, and cloud access security brokers (CASBs) should be integrated into existing security systems to provide automatic protection of sensitive data; and
  • organizations should move towards a risk management and mitigation approach to information security and consider adoption a Cloud First strategy to reduce costs and increase flexibility.