Introduction
The Cloud Security Alliance (CSA) is a non-profit organization whose mission is to widely promote best practices for ensuring cybersecurity in cloud computing and IT technologies. CSA is also responsible for educating various stakeholders in these industries about security issues in all other forms of computing. CSA's membership consists of a wide range of industry practitioners, corporations, and professional associations. One of CSA's primary goals is to conduct surveys assessing information security trends. These surveys help evaluate the maturity of information security technologies at different stages in the industry and the speed of adopting security best practices.
Leading cybersecurity solutions provider AlgoSec commissioned CSA to conduct a survey to increase industry understanding of hybrid cloud and multi-cloud security. CSA conducted the survey online from December 2018 to February 2019 and sent it to nearly 700 IT and security professionals from organizations of various sizes and locations. Approximately 500 organizations answered most of the survey's 20 questions. The questions covered cloud platform types, workload ratios, and other aspects. The survey results show the complexity of today's cloud computing environments and the attention that every level of the enterprise pays to managing security risk.
The author analyzed the content of CSA's survey and identified three major findings about enterprise strategies and problems in using cloud technology, which are shared below.
Finding 1: The Trend Toward Hybrid Cloud and Multi-Cloud Strategies Will Continue to Rise and Is Expected to Increase Significantly over the Next Three Years
The survey found that the majority (66%) of respondents use multi-cloud environments; more than one-third of respondents use public cloud platforms. Public and private clouds may coexist within an organization, and over 55% of respondents' systems run in hybrid cloud environments. Interestingly, more than one-third of companies have both multi-cloud and hybrid cloud environments.
Finding 2: Enterprise Demand for Public Cloud Continues to Rise
Over the past decade, many enterprises have developed plans to move workloads from data centers to the cloud, and the past two years are no exception. CSA asked respondents how much of their organization's workload currently runs in the cloud and asked them to predict the situation at the end of 2020. The chart above shows:
- Currently, 14% of enterprises run 61%-100% of their workloads in the public cloud, double the 2017 figure.
- While 9% of respondents said they currently do not use cloud computing for any workloads, in their predictions for 2020 this share dropped to 4%.
- Enterprise demand for public cloud continues to increase in 2020 and is predicted to roughly double for over 40% of organizations. Among them, employees in the IT industry are more inclined to choose the 81-100% cloud workload range, while employees in regulated industries such as healthcare (7%) and financial services (8%) are not.
Finding 3: Security Issues Are the Main Concern Affecting Enterprise Choice of Public Cloud Platforms
When respondents were asked about their main concerns in migrating enterprise applications to the public cloud, the vast majority expressed concern about security. Security is arguably the biggest issue affecting the vast majority of enterprises. Data loss and leakage risks, compliance, and legal issues ranked second, third, and fifth respectively among the factors affecting enterprise cloud adoption. Within security, the core issue that enterprises are most concerned about is the leakage of sensitive customer and personal information.
Here we list the top five issues affecting enterprise cloud adoption:
- Security issues (81%)
- Data loss and leakage risks (62%)
- Compliance issues (57%)
- Integration with existing IT systems (49%)
- Legal issues (44%)
In addition to the above, CSA's survey report also analyzes security tools and security incidents; due to space limitations, these will be shared in a follow-up article.
Reference:
Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments (2019)