Seventy-eight percent of organizations are using or planning to use cloud services, according to IDC’s CloudView Survey 2016, which confirms what we suspected – cloud computing is now mainstream. Digging deeper into the data, IDC researchers noticed a second wave of cloud adoption. While early adopters of the cloud focused largely on cost savings, more organizations are approaching cloud investments strategically. How can we use the cloud to innovate? How can the cloud support digital transformation? How can we leverage the cloud to increase revenue?
Federal, state and local government agencies have joined corporate America in adopting cloud services. According to the Netwrix 2016 Cloud Security Survey, the top three benefits for the government sector are “anytime, anywhere” system availability (70 percent), flexibility in resource utilization (50 percent) and cost savings (40 percent). The cloud also allows agencies to deliver important services more quickly and efficiently, add or remove capacity and cloud services as needed, improve collaboration and productivity, and reduce the burden on strained IT teams.
At the federal level, the number of applications hosted in on-premises data centers has significantly decreased. This is due in large part to the 2011 cloud-first initiative that required federal agencies to move appropriate services to the cloud and ensure that data in the cloud is properly secured and managed.
Still, 87 percent of government agencies are reluctant to move critical assets to the cloud because of security concerns. However, nearly half of government agencies at all levels said the cloud actually made their systems and data more secure, and none said security suffered because of cloud adoption. This illustrates the disconnect between perception and reality. In reality, the cloud is typically more secure than on-premises environments because cloud providers have more expertise, more advanced security tools and more finely tuned security processes.
While many cloud security concerns are overblown, they continue to hold back cloud adoption. Although 40 percent of respondents in the government sector are concerned about the ability to enforce security policies in the cloud, 80 percent believe people who are authorized to access to the cloud – their own employees – pose a serious threat. In other words, people tend to create more of security risk than the cloud itself.
Overcoming these concerns requires an organization to approach security as a shared responsibility. You can’t just rely on the cloud provider to keep your data safe. You have to manage and control access to agency resources that are hosted in the cloud and make sure endpoints are properly secured. Users need to be trained to follow best practices for managing passwords and accessing cloud resources in a way that complies with government policies and regulations.
However, a recent MeriTalk study found that just 53 percent of state and local governments develop a formal migration strategy before adopting cloud services. This is an essential first step. What applications should be moved to the cloud? What are the goals? What are the security and compliance risks? How will user activity be monitored and security policies enforced? Would a hybrid cloud strategy, which utilizes both public and private cloud resources, make the most sense?
These and other questions must be answered to ensure visibility, control, compliance and security in the cloud. While the cloud is generally more secure than on-premises IT environments, government agencies need the right combination of people, process and technology to minimize risk.
by Edna Zielmanski