The emotional side of virtualization: how trust affects cloud adoption and security decisions - (A survey of US, UK and German IT decision makers) ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Paper The emotional side of virtualization: how trust affects cloud adoption and security decisions (A survey of US, UK and German IT decision makers)
White Paper Author • Răzvan Mureșan [2]
White Paper Executive summary Virtualization is a strategic priority at large companies, and trust plays a crucial role in their choice of cloud service provider and in determining the type of data they store outside company infrastructure, according to a Bitdefender survey of 503 IT decision makers at companies in the US, the UK and Germany with more than 1,000 PCs. Hybrid infrastructures, a mix of public cloud services and privately owned data centers, have become the major architecture in the enterprise environment, and CIOs have to adapt to the new world. This survey, carried out by iSense Solutions, reveals why companies virtualize, which countries CIOs trust and what kind of data companies care most about. Key findings • Half of IT decision makers in the US see cloud as more secure than on-premise infrastructure, while the majority in Germany and the UK trust their own data centers most • Companies choose hybrid infrastructures for their greater flexibility and room for expansion (55%), increased productivity (54%), superior storage capacity (47%), and lower costs (46%) • The cloud service providers US IT decision makers most trust are in the US, followed by Canada and England, while those in India, Singapore and Iceland are among the least trusted. German IT decision makers rely on German and Dutch cloud service providers and distrust US-based suppliers. UK IT decision makers tend to choose the US, the UK and Germany • Data that decision makers would never move outside the company include information about clients and employees, research data about new products and financial information. • In-house infrastructures were often favored for allowing greater company control than with external solutions By 2025, some 80% of corporate data centers will disappear as the cloud becomes the primary deployment for information technology, according to recent predictions. The hybrid approach of blending the cloud and the data center has already become a reality. According to researcher MarketsandMarkets, the hybrid cloud market is growing far faster than the overall IT market and will achieve compound annual growth of 27% until 2019. The market is expected to surpass $50-billion this year, double the $25 billion registered in 2014. Analysts expect the hybrid cloud market to reach $85 billion in 2019.1 According to advisory company Gartner, by 2019, more than 30 percent of the 100 largest vendors’ new software investments will have shifted from cloud-first to cloud-only. Companies that have heavily invested in their own private data centers are the first to embrace the hybrid approach. A Bitdefender report published in December, 2016 shows most companies have experienced cloud security incidents such as lack of visibility (51%), a lack of policies (41%) and potential access by unauthorized devices (34%). Gartner recently predicted that the cloud will most commonly be used in a hybrid manner by 2020, and emphasized that purely off-cloud operations will largely disappear by the end of the decade. The advisory company estimates that, by 2019, new software investments of more than 30 of the 100 largest vendors will have shifted from cloud-first to cloud-only. However, companies choose to virtualize more hardware by substituting it with less expensive and more versatile software, as shown in a Bitdefender survey of more than 500 IT decision makers. US IT decision makers say hybrid environments allow more flexibility and room for expansion, while they also increase productivity and security. Most US respondents even place security as their third-most important argument for migrating to the cloud (53%), far more than Germans (36%) and Britons (37%). Cost-effectiveness is one of the top three reasons mentioned by IT decision makers from enterprises in the UK and Germany. [3]
White Paper Why companies made the switch to hybrid infrastructures (%) US (multiple answers) More flexibility and room for expansion 55 More flexibility and room for expansion More flexibility and room for expansion Increases productivity Increases productivity More flexibility and 54 room forproductivity Increases expansion More secure More secure IncreasesMore 53 productivity secure Service providers offer superior storage and capacity Service providers offer superior storage Service providers offer and capacity superior storage More 47 secure and capacity More cost effective than own infrastructure Service providers offer superior storage and capacity More cost effective than own infrastructure More cost effective than 46 own infrastructure Service providers are flexible More cost effective than Service own infrastructure providers are flexible Service providers are flexible 40 0 10 20 30 40 50 60 0 10 20 30 40 50 60 Service providers are flexible 0 10 20 30 40 50 60 UK (multiple answers) Increases productivity 46 Increases productivity Increases productivity Service providers are flexible ServiceIncreases 45 Service providers are flexible providersproductivity are flexible More cost effective than own infrastructure More cost effective providers than 43 More cost effective than own infrastructure Service are flexible own infrastructure More flexibility and room for expansion costflexibility effective and thanroom 42 More flexibility and room for expansion MoreMore own infrastructure for expansion Service providers Service providers are responsible for are problem responsible for any problem Moreany flexibility Service providers and room are responsible forfor any 38 expansion problem More secure More secure Service providers are responsible for any 37 Moreproblem secure 0 10 20 30 40 50 0 10 20 30 40 50 More secure 0 10 20 30 40 50 More flexibility and room for expansion More flexibility and room for expansion Germany (multiple answers) Increases productivity More flexibility and room for expansion More flexibility and 53 room forproductivity Increases expansion More cost effective than having our own infrastructure Increases productivity Increases More cost effective than having our 51 productivity own infrastructure Service providers offer superior storage and capacity More cost effective than having More Service our own costproviders effective infrastructure than superior offer having our 50 own infrastructure storage and capacity Service providers are flexible Service providers offer superior storage providersand arecapacity Service providers offer superior storage and capacity Service 39 flexible More secure Service providersMore are flexible secure Service providers are flexible 38 0 10 20 30 40 50 60 0 10 20 30 40 50 60 More secure More secure 36 0 10 20 30 40 50 60 USA USA Canada 27 Canada 27 USA Bitdefender’s survey also shows that trust is vital when companiesEngland choose a cloud provider. Most respondents place greater trust in England Canada 27 suppliers from their own country. Japan Japan England Germany An overwhelming majority of US IT decision makers still have the most confidence in storing data in their own country. After the US, the Germany Japan Francethe UK and Japan. main countries US IT decision makers favor for data storage are Canada, France Germany Singapore Singapore France After the UK, UK IT decision makers trust the US, Germany, Japan and France, while only 5% of Germans would store their data in the US. Australia Australia Most German respondents place Germany first (89%), followed by the Netherlands, Singapore 0 Japan and 20 40 the UK.60 80 100 0 20 40 60 80 100 Australia 0 20 40 60 80 100 England England USA USA England Germany Germany USA Japan Japan [4] Germany France France Japan
More flexibility and room for expansion More More flexibility flexibility and and room room for for expansion expansion Increases productivity Increases Increases productivity productivity More cost effective than having our own infrastructure White Paper More More cost cost effective effective than than having having our our own own infrastructure infrastructure Service providers offer superior storage and capacity Service Service providers providers offer offer superior superior storage storage and and capacity capacity Service providers are flexible Service Service providers providers are are flexible flexible Location of most-trusted cloud computing service providers (%) More secure More More secure secure 0 10 20 30 40 50 60 0 0 10 10 20 20 30 30 40 40 50 50 60 60 US IT decision makers (multiple answers) USA 92 USA USA USA Canada 2727 Canada Canada 27 Canada 27 England 26 England England England Japan 25 Japan Japan Japan Germany 20 Germany Germany Germany France 13 France France France Singapore 13 Singapore Singapore Singapore Australia 11 Australia Australia Australia 0 20 40 60 80 100 0 0 20 20 40 40 60 60 80 80 100 100 UK IT decision makers (multiple answers) England England 64 England England USA USA 47USA USA Germany Germany 25 Germany Germany Japan Japan 24 Japan Japan France France 20 France France Australia Australia 19 Australia Australia Canada Canada 16 Canada Canada Netherlands Netherlands 12 Netherlands Netherlands 0 10 20 30 40 50 60 70 80 0 0 10 10 20 20 30 30 40 40 50 50 60 60 70 70 80 80 German IT decision makers (multiple answers) Germany Germany 89 Germany Germany Netherlands Netherlands 11 Netherlands Netherlands Japan Japan 10 Japan Japan England England 9 England England Iceland Iceland 7 Iceland Iceland France France 7 France France USA USA 5 USA USA Singapore Singapore 4 Singapore Singapore 0 20 40 60 80 100 0 0 20 20 40 40 60 60 80 80 100 100 The least-trusted destination for data storage is India, mentioned by 44% of US respondents, 35% of UK respondents and 43% of German India respondents. It’s worth noting that IT decision makers did not mention Russia India India or China among the least trusted 10 countries, showing that they are not even taken into consideration as a viable option for data storage by respondents based in the US, UK, and Germany. They may Singapore have also been mentioned as others (by less than 3% of those surveyed). Singapore Singapore Iceland “If businesses or governments think they might be spied on, they will have Iceland less reason to trust the cloud and it will be cloud providers who Iceland ultimately miss out,” Neelie Kroes, former European Commission VP for digital affairs, said in a speech, as cited by The Guardian. “Why Japan would you pay someone else to hold your commercial or other secrets,Japanif you suspect or know they are being shared against your wishes? Japan Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all. Customers will act rationally and Canada providers will miss out on a great opportunity.” Canada Canada 0 10 20 30 40 50 0 0 10 10 20 20 30 30 40 40 50 50 The European Data Protection Supervisor, EU’s authority responsible for privacy and data protection, says information processed in the cloud usually flows through - and is stored in - various jurisdictions across the globe that might not offer an equivalent level of protection: “Cloud providers must, therefore, guarantee by way of a contract with the customer or in binding corporate rules, that all transfers of [5] India
White Paper information to non-EU jurisdictions will meet specific data protection requirements to provide adequate safeguards. (…) Ideally, they say, under the terms of the contract, customers should be informed about access requests from law enforcement agencies. Moreover, information should only be handed over to law enforcement bodies in accordance with clear procedures defined in international or bilateral agreements. “Such procedures are under discussion but in many cases are not yet official agreements.”2 Bitdefender’s survey confirms that the US is perceived as the least trusted destination by 54% of German IT decision makers, and by 14% of UK IT decision makers. Besides the aforementioned European regulations, one reason for this distrust might be that European companies distrust US suppliers and are concerned about data privacy, following the rescinding of the Safe Harbour data sharing agreement and the Edward Snowden leaks about potential mass-scale US snooping in the EU, as the BBC has noted. Safe Harbour, an agreement between the EU and US that took effect in 2000, was designed to provide a “streamlined and cost-effective” way for 5,000 US firms to get data from Europe without breaking its rules. The EU forbids personal data from being transferred to and processed in parts of the world that do not provide “adequate” privacy protections. So, to make it easier for US firms - including the tech giants - to function, Safe Harbour was introduced to let them self-certify that they are carrying out the required steps. In 2013, whistleblower Edward Snowden leaked details about a surveillance scheme operated by the NSA called Prism. It was alleged the agency had gained access to data about Europeans and other foreign citizens stored by US tech giants. After privacy campaigners went to court, Safe Harbour was invalidated by the Court of Justice of the EU in October 2015.3 Today, Privacy Shield is the framework that replaces the Safe Harbour scheme. Since August 2016, it allows US businesses to self-certify compliance with a set of privacy principles and, as a result, transfer personal data from the EU to the US in line with EU data protection law requirements. However, the legitimacy of model contract clauses for EU-US data transfers are being tested as Irish authorities say EU-US data transfers “fail to provide for individuals’ rights to privacy, the protection of their personal data and their rights to effective remedy as required under of the Charter of Fundamental Rights of the EU.” 4 Furthermore, after Donald Trump became president of the US, the European Commission expressed concern over the recent decision to eliminate privacy protection for non-US citizens and requested additional guarantees that Privacy Shield, a pact signed up by 1,500 companies over the past six months, won’t be eliminated. On a different note, Singapore was cited by 22% of respondents in the countries surveyed, on average, as the least trusted country for data storage, followed by Iceland, at an average of more than 10%. Bitdefender security specialists advise that, when choosing a cloud service provider, it’s vital that the datacenter physically reside in a region or country in which data handling and storing legislation is favorable to the company’s business interests. A datacenter, regardless of the data it stores, falls under the data privacy and protection laws of the country it’s built in. Consequently, it’s vital that any company that plans to use a cloud service provider with datacenters outside its home country understand local data protection laws. Otherwise, the organization may risk judicial repercussions that could damage both finances and reputation. The EU’s General Data Protection Regulation (GDPR), which takes effect April 2018, will bring cascading privacy demands that will require a renewed focus on data privacy for companies that offer goods and services to EU citizens. Businesses that do not comply with GDPR face fines of as high as 4% of the company’s global annual revenue.5 [6]
Japan Japan Japan England England England Iceland Iceland Iceland France White Paper France France USA USA USA Singapore Singapore Singapore 0 20 40 60 80 100 Location of least-trusted cloud computing service providers (%) 0 0 20 20 40 40 60 60 80 80 100 100 US IT decision makers (multiple answers) India India 44 India India Singapore Singapore 21 Singapore Singapore Iceland Iceland Iceland 15 Iceland Japan Japan Japan 14 Japan Canada Canada Canada 12 Canada 0 10 20 30 40 50 0 0 10 10 20 20 30 30 40 40 50 50 UK IT decision makers (multiple answers) India 35 India India India Singapore 27 Singapore Singapore Singapore USA 14 USA USA USA Netherlands 13 Netherlands Netherlands Netherlands Iceland Iceland 13 Iceland Iceland 0 5 10 15 20 25 30 35 0 0 5 5 10 10 15 15 20 20 25 25 30 30 35 35 German IT decision makers (multiple answers) USA USA 54 USA USA India India 43 India India Singapore Singapore 19 Singapore Singapore England England 11 England England France France 5 France France 0 10 20 30 40 50 60 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Companies care most about information related to clients (i.e. credit cards, demographics, contracts) and employees (i.e. income, salary, service fees, contact information, stakeholders), researchInformation about clients data about new products and competition, and financial information. Most Information about Information about clients clients respondents in the surveyed countries perceive these types of data as sensitive and best to store on their own infrastructures. Organizations that handle sensitive or confidential data, or data relatedInformation about employees to intellectual property, need to ensure their private cloud infrastructure remains Information about Information about employees employees private. No one outside the local network should be able to access that data, and only authorized personnel should handle it. The private cloud needs complete isolation from public internet access Research about new products to prevent attackers from exploiting vulnerabilities to remotely access the data. Research about Research about new new products products Financial information The majority IT decision makers in the US that haven’t yet adopted the hybrid mix (less than 20 percent of those surveyed in total) say Financial information Financial information management has more control over in-house solutions than over external ones, while those in the UK and Germany perceive them as more secure than the public cloud option. Product information and specification Product information Product information and and specification specification 0 10 20 30 40 50 0 0 10 10 20 20 30 30 40 40 50 50 Information about clients Information about Information about clients clients [7] Information about employees
0 5 10 15 20 25 30 35 India White Paper USA India Singapore India Singapore Iceland Top 5 types of sensitive data companies would never move outside Singapore USA Japan the company (%) England Netherlands Canada France Iceland 0 10 20 30 40 50 0 10 20 30 40 50 60 0 5 10 15 20 25 30 35 US IT decision makers Information about clients 49 Information about clients USA India Information about employees Information about employees 47 India Singapore Research about new products Research about new products 42 Singapore USA Financial information Financial information 41 England Netherlands Product information and specification Product information and specification 37 France Iceland 0 10 20 30 40 50 0 10 20 30 40 50 60 0 5 10 15 20 25 30 35 UK IT decision makers Information about clients Information about clients 43 Information about clients USA Information about employees Information about employees Information about employees 39 India Financial information Research about new products Financial information 39 Research about newSingapore products Financial information Research about new products 35 England Marketing plans of the company Product information and specification Marketing plans of the company 32 0 10 20 30 40 50 France 0 10 20 30 40 50 0 10 20 30 40 50 60 Research about new products German IT decision makers Information about clients Research about new products Information Financialabout 46 clients information Information about employees Financial information Information about Information employees about 45 clients Financial information Research Research about about the market andnew products competition Information about clients 42 Research about new products Financial information Information about employees Research about the market and competition 37 Marketing plans of the company 0 10 20 30 40 50 Product information and specification Information about employees 35 0 10 20 30 40 50 0 10 20 30 40 50 Research about new products Information about clients Financial information Information about employees Information about clients Financial information Research about the market and competition Research about new products Information about employees Marketing plans of the company 0 10 20 30 40 50 [8] 0 10 20 30 40 50
White Paper Methodology This survey, conducted in October 2016 by iSense Solutions for Bitdefender, included 503 IT security purchase professionals from enterprises with 1,000+ PCs based in the US, the UK and Germany. Half of the respondents originate from the United States, while 153 are from the UK and 100 from Germany. Some 62 percent of organizations surveyed in the US have over 3,000 employees, while 14 percent have between 2,000 and 2,999 and 24 percent employ between 1,000 and 1,999. Some 44 percent of the organizations surveyed in the UK have over 3,000 employees, while 21 percent have between 2,000 and 2,999 and 35 percent employ between 1,000 and 1,999. In Germany, almost half of the organizations surveyed have over 3,000 employees, while 6 percent have between 2,000 and 2,999 and 45 percent between 1,000 and 1,999. [9]
White Paper About Bitdefender Bitdefender is a global security technology company that provides cutting edge end-to-end cyber security solutions and advanced threat protection to more than 500 million users in more than 150 countries. Since 2001, Bitdefender has consistently produced award-winning business and consumer security technology, and is a provider of choice in both hybrid infrastructure security and endpoint protection. Through R&D, alliances and partnerships, Bitdefender is trusted to be ahead and deliver robust security you can rely on. More information is available at http://www.bitdefender.com/. Author: Răzvan Mureșan 1 – SPECIAL REPORT: CIOs Say Hybrid Cloud Takes Off, WSJ, October 2015, http://blogs.wsj.com/cio/2015/10/20/special-report-cios- say-hybrid-cloud-takes-off/ 2 - European Data Protection Supervisor, 10) CLOUD COMPUTING, https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/Dataprotection/ QA/QA10 3 – BBC, October 2015, Facebook data transfers threatened by Safe Harbour ruling, www.bbc.com/news/technology-34442618 4 - Legitimacy of model contract clauses for EU-US data transfers to be tested in Irish case, February 2017, http://www.out-law.com/en/ articles/2017/february/legitimacy-of-model-contract-clauses-for-eu-us-data-transfers-to-be-tested-in-irish-case/ 5 – PwC, Moving forward with cybersecurity and privacy, citing EU’s General Data Protection Regulation, http://www.pwc.com/gx/en/ information-security-survey/assets/gsiss-report-cybersecurity-privacy-safeguards.pdf [10]
White Paper [11]
Bitdefender is a global security technology company that delivers solutions in more than 100 countries through a network of value-added alliances, distributors BD-Business-Mar.23.2017-Tk#: 70585 and reseller partners. Since 2001, Bitdefender has consistently produced award-winning business and consumer security technology, and is a leading security provider in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has elevated the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with the world’s leading virtualization and cloud technology providers. More information is available at http://www.bitdefender.com/ All Rights Reserved. © 2015 Bitdefender. All trademarks, trade names, and products referenced herein are property of their respective owners. FOR MORE INFORMATION VISIT: enterprise.bitdefender.com
You can also read