It might not be the best thing to have your head in the clouds. But it has become a very good thing, or at least a very popular thing, to have your business in the cloud-multiple surveys confirm it.

Druva, a cloud data management and security company, reported last month that moving virtualized workloads to the cloud, or cloud migration, is either a reality or a near-term goal for an overwhelming majority (90%) of 170 organizations it surveyed during July and August.

The Cloud Industry Forum reported more than a year ago that overall cloud adoption in the U.K. was at 88%, with 67% of users expecting to increase their adoption of cloud services over the coming year.

Forbes cited an April 2017 study from Intel Security that found 73% of companies are planning to move to a fully software-defined data center within two years.

And while the Druva survey found that most respondents plan to use a hybrid approach to cloud migration, the bottom line is clear: cloud has become mainstream.

Why Businesses Are Moving to The Cloud

There are multiple reasons for widespread cloud migration, but they all share a common theme: for most businesses, the cloud simply works better than so-called on-premises.

And it isn't just about money. While any organization is interested in cutting costs, the Druva survey also found the main drivers of cloud migration were disaster recovery, ease of management, and archival.

Other reasons for increasing cloud migration:

• The cloud has matured. It is no longer an untried, untested, risky product. Organizations don't have to feel like they're guinea pigs, being used to help work the kinks out of a new technology
• The big players are on board — from Amazon to Cisco to Microsoft — with mature cloud computing and data center
• Yes, money is a factor, in several ways.
  • ROI is easier to forecast, and implementation costs are minimal.
  • Storage is easier and less expensive.
  • It is scalable without breaking the budget, enabling both online and geographic expansion.
  • It lets an organization do more with less downtime, cost, and
  • It reduces infrastructure overhead.
• The cloud is reliable. A cloud vendor will go out of business if it isn't.
• It is highly available.
• It gives remote employees access and the ability to work over the internet.
• It offers better security. While there is some debate among experts about this, many say the cloud overall can provide better security than its customers have on-premises. Some providers will track and update the underlying server and other software, and do database backup and periodic maintenance.

All of which provide plenty of incentives for businesses to move to the cloud-which is exactly what they are doing.

How Businesses Are Moving to The Cloud

Given the variety of organizations, along with their needs, capabilities, and priorities, there are a number of ways they are "migrating" their applications. Steven Cohen, product marketing manager at Synopsys, profiled a number of them last December.

Lift and shift. This means moving an application, as is, to the cloud. It is appealing to organizations for which it is more efficient to, in effect, rent servers and data center infrastructure than to build, manage, and maintain their own. It generally involves using IaaS (infrastructure as a service) from the cloud provider.

Lift and refit. This is what it sounds like-moving applications to the cloud and then tweaking them so they will work more effectively in the cloud environment.

Cloud-native. This refers to new applications developed and built specifically for the cloud. An incentive to do that would be the CSP (cloud services provider) offering services that make application development faster. Obviously, these apps are designed to integrate well with the cloud computing architecture and to take advantage of a CSP's computing frameworks and services.

All this comes with a caveat, however. Organizations shouldn't think they can simply migrate workloads, storage, applications, and other operations into the hands of a CSP and forget about security because "they'll take care of it."

Mark Zurich, managing director at Synopsys, notes that organizations need to pay due diligence to a long list of potential security threats-some of them similar to what plagues every organization in any configuration, but some unique to the cloud.

They include data breaches and data loss, insecure APIs, malicious insiders, advanced persistent threats (APTs), denial of service, shared technology vulnerabilities, shared tenancy, multiple users on the same stack, and lack of encryption.

Besides all that, as Cohen put it nearly a year ago, "the cloud interfaces with just about every application and corresponding infrastructure stack in existence."

That, as any security expert will tell you, makes the cloud an attractive attack surface — there are so many potential entry points.

In a second post, we will focus on how organizations can integrate cloud security into their software security initiatives (SSIs).