Rejoice, children of the cloud, for the long awaited day is finally upon us: since it’s first mention over two decades ago, and being popularised by Amazon’s Elastic Compute Cloud offering in 2006, cloud adoption and spending has surpassed on-premise IT among businesses.

So says The Cloud Industry Forum, which has been monitoring cloud adoption among UK businesses year-on-year since 2011. Seven years later, cloud usage has infiltrated almost every organisation in one form or another, bringing with it improved flexibility, agility, mobility and cost effectiveness.

According to its findings, The Cloud Industry Forum revealed that almost nine in ten (89%) businesses are fully immersed in one cloud-based service or another, with adoption levels continuing to rise. For the first time in the cloud’s history, cloud infrastructure receives almost a fifth of businesses total IT budgets (19%) and surpasses on-premise and legacy spenditure (18%). This margin will only widen, as businesses plan to reduce their current on-premise spending by a third (down to just 12%) in the next three years.

If that weren’t enough, the cloud is also the key enabler of a new revolution, acting as the backbone of artificial intelligence (AI), big data, blockchain, the Internet of Things (IoT) and machine learning, to name a few. Each of these technologies is already revolutionising a host of industries – all thanks to the cloud. Coupled with the belief from 82% of businesses that the cloud will become their chief enabler, a future centred around cloud-based applications seems a given.

So, the naysayers have been converted, the cloud has been universally adopted and long time cloud campaigners can reap the rewards and breathe a collective sigh of accomplishment as they witness the dawn of the fourth industrial revolution, right?

If only it were that simple.

Half the Battle

With cloud migration at an all time high, so too are surrounding security concerns, thanks to more and more valuable information being entrusted to cloud providers.

Cloud security may not be the turn-off it once was, but it is still a vital factor of any cloud adoption in serious need of some TLC. This is true today more than ever, as businesses face crushing consequences if they fail to secure and manage cloud-stored customer data in the wake of GDPR. That aside, the reputational impact that comes with a breach can be equally as damaging. As businesses continue to shift their IT estates to cloud environments, the cloud has become a 21st century El Dorado for ambitious hackers.

This year has seen cyber-criminals deposit a JavaScript cryptocurrency miner on an unprotected Amazon Web Services (AWS) bucket, belonging to the L.A. Times, which was ultimately served on victim websites unbeknownst to its owner. The reason for this? There’s a modern myth that the responsibility to secure an infrastructure-as-a-service (IaaS) belongs to the IaaS provider. This is certainly not the case, as AWS provides its users with a plethora of security controls. Sadly, due to this misbelief, many users leave their buckets in an unsecured state with accessible public permissions.

Verizon, the NSA, the US military and private organisations Octoly and Alteryx have all seen documents stolen from unprotected AWS buckets due to the same misunderstanding. If organisations of this stature are missing the mark, it’s frightening to think what’s going on with businesses with less support, education or know-how.

Similarly, Tesla and Aviva have both fallen victim to illicit cryptocurrency mining operations after using open source Kubernetes administration consoles designed by Google that were remotely accessible, with no password protection in place.

Regardless of these constant fear mongering headlines, many businesses still don’t believe their cloud security measures are up to scratch. Three in five respondents of The Cloud Industry Forum research admitted there was room for improvement when it came to the security and regulatory provisions of their cloud deployments, with half (50%) doubting their ability to comply with data regulations.

This may come down to a serious skill shortages, which in turn acts as a driver for organisations to turn to SaaS solutions – solutions even the likes of Tesla and the US military fail to properly understand and secure. The study found that businesses currently devote 19% of their IT budgets to cloud infrastructure which, for the first time, exceeds spend on traditional on-premise infrastructure and on-premise legacy systems (18%), highlighting the shift in expectation for service providers to manage their security.

Whatever the case, while cloud adoption may be at an all time high, how businesses are going about securing it leaves a lot to be desired. Here are three ways you can start securing your cloud today:

Value trust

When asked why they have turned to cloud-based services, less than a quarter (24%) cited a trustworthy IT partner as their reasoning, with improved agility, flexibility, scalability and growth topping the list. Whilst these are noble reasons for cloud adoption, organisations would be wise to better prioritise a trustworthy partner. After all, not all partners are created equal and in the ever changing security landscape it’s worth checking in with the new players, the most trusted teams and the evolving technologies that could secure your cloud service better than your current partner.

Seek validation

Whilst security isn’t the obstacle to adopting cloud that it once was, that doesn’t mean it can simply be left to its own devices. When asked if their cloud services had been validated by a third party last year, a measly 34% of respondents said yes. This year things look to be improving, with six in ten seeking advice from outside parties – although that still leaves almost half of businesses still not seeking a second opinion. In order to get serious about security, and regulation, a fresh set of eyes is a must. A new perspective can share ideas, progress, do’s and don’ts, and help you avoid unnecessary and potentially costly and dangerous pitfalls. Two heads are better than one, after all.

Don’t go it alone

As the cloud continues to ooze into businesses the world over, IT teams are having to reevaluate the skill set they need to keep up, let alone thrive. Throw continuous digital transformation efforts into the mix and it’s clear to see why half of The Cloud Industry Forum respondents felt they were failing when it came to their security, technical, and cloud abilities.

In an industry of near constant change it’s impossible for IT teams to properly visualise their infrastructure, mine the details, gather resource level information and understand the relationship and interconnectivity of those resources and how they affect security posture. To stay ahead of the curve, savvy businesses are deploying SaaS services to eliminate these pressures, equipping them with a full view of their cloud assets – from inter-relationships between network, application, access perspectives and more. The result is a simply visualised security strategy coupled with invaluable insights and less pressured IT teams.