Forty Percent of Companies Deny Cloud Usage Despite Employee and Departmental Use of Web-Based Applications and Mobile Devices Outside of IT Control
Seattle, Wash. – November 6, 2012 – New research tracking trends and issues in cloud security revealed a growing gap between actual business cloud practices and related IT policies. The survey found that while nearly 20 percent of businesses have no clear security policies or standards around employee or departmental use of “cloud,” the majority do allow employees to use cloud services and access corporate data from cloud applications or connected devices. This policy versus utilization gap is consistent for both the 61 percent of respondents who said their company is using the cloud, as well as the remainder who reported not officially leveraging cloud services to-date.
The October 2012 research, sponsored by cloud backup provider Symform, surveyed nearly 500 companies across a wide range of industries and organizational size, with 18 percent representing enterprises, 34 percent from small to medium organizations, and 48 percent representing IT service providers or small businesses. The survey queried respondents about current cloud utilization, cloud security concerns and benefits, security policies and employee use of cloud services, applications and devices.
For many businesses, data growth is outpacing cloud adoption. Coupled with BYOD and the consumerization of IT, the survey reveals that many businesses are slow to acknowledge cloud adoption within their organization and, as a result, determine the proper IT security and policies to govern this cloud usage. In fact, of the 39 percent who said they are not using cloud, 65 percent claim to allow employees or teams to use cloud services and 35 percent allow employees to put company data in cloud applications.
“This research validates how cloud applications and services are being purchased and managed increasingly by non-IT departments, and illustrates the need for IT to re-claim control from a policy and governance standpoint while still enabling the business to benefit from the cloud’s agility and cost-effectiveness,” said Margaret Dawson, vice president of product management at Symform. “I always advise IT leaders to be the centralized source of all IT policy, vendor criteria, compliance management and the definition of “trust” for their organizations. Cloud usage is inevitable but loss of control is not.”
Despite the gap between cloud utilization and corresponding security policies, the Symform survey revealed that secure cloud backup is gaining credibility as a safe place to store or use data, with 50 percent of respondents believing even sensitive data can be secured in the cloud. However, credit card information was a huge exception, with 70 percent saying they would not put credit card data in the cloud. This aligns with the belief that the highest perceived benefit of the cloud is data protection. For those using the cloud, nearly 50 percent stated secure cloud storage services allow them to spend less time managing data protection and on IT security overall. For those not in the cloud, over 50 percent believe that better data protection would be the top benefit gained by moving services to the cloud.
The number one stated concern and key criteria for IT managers with the cloud was Access Controls. Other top security criteria when evaluating cloud services were auditing and tracking, securing data both in motion and at rest, vulnerability management and maintaining strong security service level agreements (SLAs). To alleviate their fears, companies of all sizes are turning to large technology vendors to gain advice and learn best practices on cloud security. While leading analyst and industry organizations such as Gartner, the Cloud Security Alliance and Black Hat scored well among respondents, the most trusted sources were Microsoft, Amazon, Apple, IBM and other IT vendors. In fact, Microsoft and Amazon received an equal 46 percent vote as the top trusted source(s) on cloud security.
While not necessarily related to cloud security, the research did substantiate that Platform-as-a-Service (PaaS) is the slowest cloud platform to penetrate organizations, lagging well behind Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS). Only 39 percent of those using cloud reported leveraging PaaS, while 48 percent and 79 percent respectively said they were currently using IaaS and SaaS. PaaS again was the laggard when respondents were asked which cloud model they were least likely to adopt, with 48 percent of those already in the cloud and 70 percent of those not yet using cloud claiming they would not leverage a PaaS solution within the next 12 months.
For more information on the cloud security survey results, as well as other primary research sponsored by Symform, go to http://www.symform.com/join-the-revolution/resources/market-research/.