Over recent weeks there has seemingly been a plethora of research and surveys conducted into security concerns in the cloud computing world. Security is one of the hottest topics due to the penalties and repercussions which are the result of a breach, but is fear the main driver for security in the mass adoption of cloud computing?

For Intel’s EMEA CTO for security, Raj Samani the driver is a simpler explanation; the perception of cloud.

“There still is a lack of understanding of what the cloud is and where the cloud is,” said Samani in an interview with Telecoms.com. “Most people think that it’s some fantastic breakthrough, and to a degree it is. But ultimately, it’s someone selling computer resources over the internet. Most people perceive cloud as a technology, but in reality its outsourcing.”

While security is viewed as one of the biggest challenges when adopting the cloud, it doesn’t seem to be stopping anyone. In a recent survey, Intel uncovered a number of fears as well as ambitions of businesses throughout the world. Despite security and compliance, enterprises are wasting little time in making the transition. In fact, the finding claim more than 80% of IT budgets will be directed towards the cloud within 16 months.

For Samani, something doesn’t quite add up. Security is the number one concern for the industry, IT departments don’t trust public cloud environments with sensitive workloads, but the rate of adoption is growing faster and faster every day. There is a distinct gap between reality and perception, but also a basic understanding of what the cloud is.

“Cloud computing is so ubiquitous and such a part of our everyday lives, we take it for granted,” said Samani. “All of the apps on your phone are cloud-based, but no-one thinks about that. When you start to talk about businesses adopting the cloud, this is where you have the level of visibility where security becomes a concern.

“When you ask someone who is making the transition into the cloud what their biggest challenge will be, its security the majority of the time. But when you talk to someone who has already implemented the cloud, interoperability is the number one concern. There is a significant gap between the perception of the cloud, and the reality.”

The attitudes towards security have progressed in recent years, as decision makers have accepted the reality 100% secure is not possible. Becoming as secure as possible should be the objective, and since this concept has been adopted as an acceptable standard throughout the industry, the conversation on how to remain as secure as possible is much more open.

But now we are entering into a new realm of disparancey surrounding transparency. One of the assumptions when entering a cloud agreement is the fact the proposition being purchased is secure. It may be sold as secure, but what secure means to an individual may vary.

“Risk appetite is a word you’re going to hear more and more over the coming years,” said Samani. “For a cloud proposition to work you need to understand your risk appetite and purchase appropriately.

“One of the areas which people don’t seem to understand or grasp now is that risk cannot be outsourced. The reality is the risk still sits with you. We saw this with TalkTalk and the impact of their breach. The risk probably wasn’t calculated correctly and they lost 100,000 customers.”

Understanding the risk associated with moving workloads into the cloud is an area which will could define a buying decision. This is one of the reasons why numerous organizations have several cloud providers. The risk appetite has been defined for individual workloads, cloud environments identified which suit this risk profile and then purchased. Workloads can be moved between cloud environments (in theory) should the risk change, though you are paying an appropriate amount of money for the risk associated with the workload itself.

But transparency is an area which upsets the risk equation. In theory it is fine to write into a contract a customer has the option to audit a cloud providers asset, but when you are AWS and have thousands of customers, is this nice idea feasible? Probably not.

“Transparency is a challenge as you never truly know how secure a third party environment is,” said Samani. “But we will start to see trends where companies are taking control of their own risk and adopting technologies to provide a level of assurance.

“Imagine I’m driving a car down the M1 at 100 mph, are you going to get in the passenger seat? Probably not. But what if I told you I had seat belts? Maybe. What if I told you we had airbags as well? Probably. Companies will find controls and measures to give them a level of trust in a vendor to ensure they can operate effectively.

“CASBs (Cloud Access Security Brokers) will be one of the biggest trends we’ll see in the next couple of years.”

Cloud Access Security Brokers are one of the technologies which are beginning to gain traction in the industry, as its giving control back to the customer. Data can be encrypted before it is given to any third parties providing an extra level of assurance and peace of mind. The technology is allowing customers to keep the complexity on the data, address security challenges and vendor lock-in concerns, all on premise before anything is sent to a third party cloud.

“CASb is the ultimate business case, because you can do things faster and more efficiently – you can actually but an ROI and a TCO next to it,” said Samani.

The transition to the cloud has started, and irrelevant of what the concerns are, it is not going to stop. For Samani, the cloud offers companies an opportunity to concentrate on what they do best. Banks can focus on money, schools on education and media on entertainment, because complex IT issues can be outsourced.

Security will always be an issue, but this is very much defined by how it is managed. Once a suitable level of assurance is provided, the business can focus on what the real challenges are.