An analysis of more than a dozen selected global research reports and studies around cloud adoption throws some interesting finds and busts a big myth—that security is no more a major concern for cloud adopters.
That cloud has become mainstream, even central to, enterprise IT is not news; at least not in mid-2016. As an IT manager, you have probably been bombarded with tons of data on the impressive uptake of cloud market as well as promising forecasts by your vendors, urging you to take to it, or do more with it.
All those nice looking presentations have a familiar narrative. Cloud has so many advantages from flexibility to cost to quick time to market for your new business.
But what about concerns? What about security?
Oh, it is so 2013. Let’s move on and focus on implementation challenges and other such new stuff. If the cloud uptake is so impressive across industries, across regions, across businesses of different sizes, it must be happening because the security concerns have been addressed adequately. Right?
While it is a fact that cloud has witnessed impressive growth—we too will give you some recent numbers going forward, in this piece itself—it has happened because of its almost irresistible benefits for business and DESPITE the security concerns.
As studies after studies show, security concerns have not gone anywhere. They still dominate the minds of CIOs, CISOs and other cloud decision makers. If they are still going ahead with the cloud, it is because of the business benefits are so attractive that they have almost decided to live with the security concerns.
At best, it is an uneasy relationship that will take a long time to get normal. At worst, it is a catastrophe waiting to happen; and the techies are ready with their defense. Maybe, they have been forced to go for the cloud in a haste. Most CIOs still report to the CFO.
Well, let us leave those speculations there.
For the time being, this—the cloud uptake has happened because of the business benefits and not because security fears have been allayed—is probably the most important message that we are getting by analyzing various cloud studies and reports that have been published by research firms, technology vendors and associations/interest groups/think tanks.
The Myth of Security as a Non-Issue
In the RightScale 2016 State of the Cloud Report released in February, security ranked as the No 2 challenge identified by the 1600 odd respondents globally, drawn from both tech and business community. Though security has come down to No. 2 position from No. 1 as a challenge in the 2015 report, that is not because people see security becoming less of a challenge but lack of resource/expertise becoming a huge challenge. In fact, while 28% respondents in 2015 identified security as a top concern, 29% respondents did so this year.
The State of the Cloud & Software Defined Data Centers (SDDC) report by Hytrust, released in May 2016, reports similar concerns. The study found that perception of inadequate security is seen as the predominant reason for holding back cloud and SDDC investments. While 44% respondents identified this as a barrier, the No. 2 reason—lack of solutions from vendors—was seen as a distant second with just 20% citing it as a barrier.
Similarly, when asked what was the top issue keeping organizations from virtualizing all applications, 46% pointed to security concerns, which was identified as the topmost barrier. What is noteworthy is that 60% IT administrators and managers see it as a huge barrier while the C level seems to be less worried with only 36% C level executives seeing it as a barrier. While the report itself does not explain the gap, one possible reason—and we must emphasize that it is just a possibility—could be the C level’s lack of awareness. The other could be IT managers overemphasizing security—as some of them could have been pushed to roll out cloud quickly by the top management because of financial reasons.
The SolarWinds IT Trends Index report, released in May too pointed out to security being the single biggest barrier to cloud adoption with every three out of four respondents polled by the company among IT practitioners, managers and directors in North America, the United Kingdom, Germany, Australia, Brazil and Singapore identifying it as a barrier.
There are other findings in studies that do point in this direction—that not everything is stable and settled with security. Microsoft-451 Research study, Cloud & Hosting Trends 2016, also released in May, actually reported that lack of security transparency is one of the top three reasons behind enterprises discontinuing with their primary cloud service provider.
Cloud Security Spotlight Report, a research by Crowd Research Partners, which used the largest LinkedIn group of professionals to poll their views on cloud security, found that security is still the biggest perceived barrier to further cloud adoption. An overwhelming majority of 90% of organizations are very or moderately concerned about public cloud security, the study found out.
In India too, the CII-PwC study of two sectors, Financial Services and Healthcare, saw considerable concerns about security as an issue in cloud adoption.
In short, it seems clear that the concerns about security in cloud have not really been allayed. Rather, the huge cost benefits, ability to adopt huge IT infrastructure at go as well as affordability by smaller organizations may have given cloud a big push, but it has come by pushing the security issues, at least partially “under the carpet”, as one security professional described it.
The High-Breed Impact
Hybrid is clearly the new buzzword. According to the RightScale 2016 State of the Cloud Report, as many as 71% respondents used hybrid cloud, up from 58% a year ago. This has been possible, largely because of public cloud users adding private cloud resource pools. The research further found that from those that are planning multiple cloud (as many as 82% of total respondents), 55% plan to use hybrid cloud.
The cloud discourse in India too has shifted towards hybrid. To be sure, hybrid is nothing but a lot of users who were testing out public cloud finally understanding the model a little better and taking a more judicious approach to the right mix, while their comfort level with cloud technologies has helped them to add private cloud to their delivery model.
Security—especially data security—has been one of the prime drivers of the trend. The Cloud Security Spotlight Report which found that security is a concern for 90% of enterprises considering as well as using cloud, also reported that 71% of respondents use hybrid cloud. A Synergy Research report in January found that private and hybrid cloud grew by 45% in 2015.
The SolarWinds IT Index, which had a subtitle, Hybrid IT Revolution, too pointed to this rapidly emerging phenomenon of hybridization. “ IT professionals are faced with a dual mandate: increase efficiency through cloud services while also ensuring critical systems, databases and applications are secure,” it said articulating what is driving hybridization.
In India, cloud vendors have actively started marketing hybrid as a concept. And there’s significant interest around hybrid.
Other interesting findings
- Data’s center of gravity is moving to the cloud: According to business analytics company, Tableau’s Cloud Data Brief: Big Data Transition to the Cloud, data’s center of gravity is shifting to the cloud. In January 2015, the brief says, data source connections in Tableau Online were distributed somewhat equally between cloud and on-premise deployment. In the first quarter of 2016, that split had swung to 70-30. Apart from normal migration of data to the cloud, the report has identified three drivers of this phenomenon: emergence of new cloud-native companies/startups, newer sources of high speed, high volume data like IoT data and the requirement to access data anytime, anywhere because of the rise in use of mobile devices.
- The next level managers are formulating cloud strategies: According to SolarWinds IT Trends Index, IT directors and other IT managers are more involved in cloud strategies than C level executives like CIOs and CISOs. In small organizations, 65% of IT directors are involved in formulating cloud strategies as compared to just 29% CIOs/CISOs. While that may partially be because of lack of CIO-designated executives, even the same trend is visible in large organizations. Only 70% CIOs/CISOs reported that they are involved in cloud strategy, as compared to 76% of IT directors.
- India is more cloud ready than China: According to the latest Cloud Readiness Index released by Asia Cloud Computing Association (ACCA), India has edged past China in terms of cloud readiness. However, that is the end of good news for Indians. India stands a low 12th among 14 countries studied, and is ahead of only China and Vietnam. Among the ten parameters considered by the study, India gets the lowest scores in international connectivity (1.7) and data center risk (1.9) while its best showing is in cyber security (7.1) where it is only behind Australia, New Zealand and Malaysia.
- ·APAC spends most on primary cloud providers than rest of the world: According to Microsoft-451 Research study, Cloud & Hosting Trends 2016, Asia Pacific has maximum number of companies (20% of the respondents) spending more than $10,000 per month on their primary cloud providers than rest of the world where 14% respondents reported spending $10,000 plus on their primary providers. However, it may just be a case of overpaying. According to the report, APAC also has more of shorter contracts. As many as 57% of APAC respondents said they are either on one year contract or pay on a month to month basis. That may have pushed up the prices in this region.