Upload
quocirca
View
222
Download
0
Embed Size (px)
Citation preview
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 1/11
Copyright Quocirca © 2013
Bob Tarzey
Quocirca Ltd
Tel : +44 7900 275517
Email: [email protected]
Bernt Østergaard
Quocirca Ltd
Tel: +45 22 112 55 91
Email: [email protected]
The adoption of cloud-based services
Increasing confidence through effective security
July 2013
There is much research to show that the adoption of cloud-based services
is now widespread. It is also widely reported that the foremost concern
about such services is the security of data. The new research presented in
this report shows that those that are enthusiastic about cloud have the
same level of concern about security as the sceptics who avoid cloud
services.
One of the main differences between these two groups is that the
enthusiasts have put in place the security measures to allay their concerns
whilst the avoiders have not. Furthermore, enthusiasts are often using
cloud sourced security services to do so – cloud feeds on cloud .
This report examines the issues around the adoption of cloud-based
services and looks at the security technology that is being deployed by
enthusiasts and why the avoiders are holding back. It should be of interest
to any IT or business manager who knows there are plenty of benefits for
their organisation to gain from such services, but realise that they have to
explain to their colleagues how perceptions around the vulnerability of
sensitive data can be overcome.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 2/11
The adoption of cloud-based services
© Quocirca 2013 - 2 -
The adoption of cloud-based services Increasing confidence through effective securityWe all worry about security in both our business and personal lives so it should come as little surprise that it is the
top concern when it comes to the adoption of cloud-based services; this is as true for cloud enthusiasts as it is forcloud avoiders. The former stand out due to the measures they take to overcome their security concerns and the
benefits they gain from doing so.
There is wide
acceptance of cloud
services as a way to
deliver formal IT
requirements
Attitudes regarding cloud-based services range from the belief they should be used whenever
possible (22%), through those that evaluate them as alternatives to in-house deployments in
most cases (35%), those who evaluate them on a case-by-case basis (17%) to those that avoid
them as much as possible (23%). A small number pro-actively block such services (3%). An
analysis of the enthusiasts versus avoiders shows that the latter lack confidence in their ability
to use cloud services securely rather than dismissing them outright as a way to deliver
enterprise IT requirements.
Drivers for adoption
of cloud services
extend well beyond
cost savings
Whilst lower cost of ownership topped a list of drivers for the adoption of cloud-based services,
this was closely followed by better working practices for employees, improved efficiency and
easier external interaction. Access to applications that could not otherwise be afforded was atthe bottom of the list, but still significant for many. Needless to say, all of these drivers were of
far greater importance to enthusiasts than avoiders.
Blockers to adoption
of cloud services
varied significantly
by industry
Government organisations fear data protection laws, whilst financial services organisations
worry about the regulations that affect all the personal data they hold. Commercial
organisations, including retailers, worry most about the personally identifiable data they
collect. Manufacturers and telcos see intellectual property as a key competitive asset and
worry most about that.
Security is a concern
for all
All of the top blockers have a security component to them and it is a widely reported fact that
data security is the top concern when it comes to the use of cloud-based services. However,
the level of concern shown about security is similar for both enthusiasts and avoiders. What the
latter worry about is a lack of resources and skills to ensure secure use of cloud services. If
these concerns can be addressed then it will eliminate important stumbling blocks to faster
cloud adoption by all.
Enthusiasts invest in
security technology
to ensure they can
safely use cloud
services
Enthusiasts are far more likely to recognise the importance of a range of security technologies
and to have invested in them. This includes the ability to manage identities, provide safe access
and filter incoming/outgoing content. 97% of enthusiasts have an IAM system compared to just
26% of avoiders. Enthusiasts spend a greater percentage of their IT budget on IT security (7% as
opposed to 5%), reflecting the fact that they see the need for better security but also that their
ability to leverage cloud services reduces their top line IT costs.
The key security
requirements can be
delivered from the
cloud too
Whilst the safe use of cloud services requires an investment in IT security, enthusiasts also see
the cloud as a source of a wide range of security services. Even avoiders show some acceptance
that the cloud can be the best way to deliver single sign on (SSO), federated identity
management and identity governance; 30% of them accepted that there were advantages to
using identity and access management as a service (IAMaaS), however, the figure forenthusiasts was 92%.
Conclusions
The cloud genie is out of the bottle and there will be no putting it back because the benefits nearly always outweigh
the problems that need to be overcome when using such services for the delivery of mainstream IT requirements. This
research report shows the measures that organisations in the vanguard are taking to embrace the use of cloud
services. It also shows that, with some help and encouragement, today’s avoiders of cloud could become tomorrow’s
enthusiasts.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 3/11
The adoption of cloud-based services
© Quocirca 2013 - 3 -
Introduction – enthusiasts and avoiders
There is plenty of research, including that presented in
this report, to show that cloud-based services are now
a mainstream way of delivering certain aspects of the
IT requirements of many organisations. Of course, the
range of cloud services is very broad and mostly it
helps to be specific about what is involved. A line
should at least be drawn between informal and formal
use.
From the perspective of an IT department, informal
use is anything that may not have been sanctioned
although in many cases is accepted. This includes end-
users making valid business use of social media and
other online applications, such as LinkedIn, YouTube
and Dropbox, and lines of business subscribing directly
to online services paid for out of their own budgets.
Formal use is where the IT department has decided to use a service rather than deploying something in-house. Just
under 75% of the European organisations Quocirca interviewed for the latest research confirmed they are already
doing so (Figure 1) although levels of adoption varied somewhat by industry. As providers, as well as consumers of
cloud services, telcos are the biggest users, followed by commercial organisations, which includes retailers, who
often interact directly with their customers online. Government organisations are the most likely to hold back, but
there are initiatives to encourage them in many countries with the prospect of cost savings for tax payers during
hard economic times.
Across the board, a very small number (3%) said they proactively blocked cloud services (blockers), and this should
be taken to include informal and formal use. However, the remainder fell in to one of four categories with asignificant number in each:
Those that use cloud services whenever they can (22%) – ENTHUSIASTS
Those that evaluate them as an alternative in most IT procurements (35%)
Those that evaluate them in some cases (17%)
Those that tend to avoid them (23%) – AVOIDERS
This report will focus on the two extremes that we have called enthusiast s and avoiders and tease out the
differences between them (the other two groups fall neatly between the two in most of their actions and views).
The avoiders (and even blockers) must at least face up to informal use. Even if they manage to put in place effective
controls to limit the use of cloud services on their own networks, users will still be able to access them across public
networks and from mobile devices.
The good news, for advocates of cloud at least, is that the avoiders are not a hugely negative bunch but simply
nervous about cloud and need some handholding to reap the benefits that are readily recognised by the
enthusiasts.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 4/11
The adoption of cloud-based services
© Quocirca 2013 - 4 -
Drivers and blockers
A good place to start is to look at the drivers and blockers that
determine the uptake of cloud services. As with almost any
procurement, cost saving is a major driver for most, with lower
cost of ownership at the top of a list of drivers (Figure 2).
However, there is much recognition of the added value to be
had from cloud services; scoring almost the same was the
enablement of better working practices for employees (for
example, ease of access to cloud-provisioned applications
makes flexible and home working easier to support), improved
efficiency and easier external interaction. Access to
applications that could not otherwise be afforded was at the
bottom of the list. Needless to say, all of these drivers were of
far greater importance to enthusiasts than avoiders.
An analysis of blockers proves more interesting (Figure 3). The
top five issues all relate to security and privacy – no surprises there, this is in line with most other research. Each
industry has its own bug-bears (Figure 4):
For Government organisations it is privacy; a fear of data protection laws, having been damaged the most
by reports of careless handling of data
For financial services it is compliance; worries about the regulations that affect all the sensitive data they
hold
For commercial organisations it is crime; they worry most about personally identifiable data, which is not
surprising, as this group includes retailers who gather such data through their online sales channels
For manufacturers and telcos it is industrial espionage; they deal less with personal data and see
intellectual property as a key competitive asset
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 5/11
The adoption of cloud-based services
© Quocirca 2013 - 5 -
“There is not much to
separate enthusiasts from
avoiders; for both groups
data security issues top
the list”
Most interestingly, when looking at the top three blockers listed, there is not much to separate enthusiasts from
avoiders (Figure 5); for both groups data security issues top the list. Only when they are forced to select one issue
do the differences really start to stand out (Figure 6). Whilst the single top concern of avoiders remains in the area
of data security and privacy, for enthusiasts it is all about complexity of access. The lesson here for providers of
cloud services is, sure, they must be able to demonstrate their product is secure, but if there is not also solid
support from the provider to make sure provisioning, implementationand on-going access is as straight-forward as possible, they will lose out
to more agile competitors.
Looking more closely at security issues tells more. Overall the variation
between issues is not huge (Figure 7). However, focusing on the
enthusiasts and avoiders shows there is an equal level of concern about
the secure transmission and storage of data, but the avoiders stand out in
feeling they lack the skills and resources to ensure their use of cloud
services is secure (Figure 8). In other words, if they were provided help
with implementation of cloud services and the necessary security many
may overcome their reticence.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 6/11
The adoption of cloud-based services
© Quocirca 2013 - 6 -
Securing the use of cloud
Perhaps we should not be surprised that securing the cloud is a big
issue for all. Apart from countless previous research reports telling us
this is the case, security concerns are inherent in everyone about all
sorts of issues in our personal and business lives. However, the focus
on security is misleading; what is more important is how security
concerns are addressed. Cloud enthusiasts feel more able to overcome
them than avoiders. So, what security measures are the former taking
to provide them with the greater level of confidence?
It would seem just about everything. Six key security areas were
looked into; for the enthusiasts all were seen as important (Figure 9).
Avoiders focussed mainly on their compliance responsibilities and the
need to keep audit trails, reflecting the fact that no one can avoid
cloud services altogether and all must face up to governance, risk and
compliance (GRC) demands. The truth is that unless they make
investments in every area of security to ensure that cloud services can
be used in a way that is compliant, protects against crime and
preserves privacy, the doubters will continue to hold back.
Enthusiasts recognise the need to put in place sufficient identity
controls as part of this; identity and access management (IAM), single
sign on (SSO) and the linking of identity and policy are all high on their
list but largely overlooked by avoiders. Indeed, 97% of enthusiasts
have an IAM system in place compared to just 26% of avoiders (Figure
10) and this is, in itself, likely to be a cloud service (IAM as a
service/IAMaaS) or at least have an on-demand component (hybrid
deployment, for example linking back to in-house directories). Havingsuch an IAM system is seen as a key enabler for the use of software-as-
a-service (SaaS) and other cloud services (Figure 11).
Of course, security comes at a cost. Enthusiasts spend a greater
percentage of their IT budgets on security than do avoiders (Figure 12).
This reflects two things:
1. Enabling the adoption of cloud-based services does indeed
involve increased security investment
2. Many cloud services have a lower cost than deploying the
same technology on-premise, so will reduce the overall cost of
IT delivery. This means security will rise as a proportion of
overall IT spending, even if security spending itself was notincreased
One way enthusiasts keep the cost of securing the use of cloud-based
services under control is to use cloud-based security services.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 7/11
The adoption of cloud-based services
© Quocirca 2013 - 7 -
Security from the cloud
It may be a step too far to persuade avoiders that the best
way to make the use of cloud services secure is to use cloud-
based security services; however, enthusiasts have few
doubts. They do so for many of the same reasons that they
adopt cloud in the first place; ease of deployment, lower cost
of ownership etc.
Overall there is an acceptance that security services, ranging
from identity governance to privileged user management,
could be delivered either as pure cloud services or at least
hybrid ones, i.e. mixed with an on-premise capability (Figure
13). Enthusiasts were many times more likely to agree with
this proposition compared to avoiders. The avoiders close the
gap a little when it comes to SSO, federated identity
management and identity governance (ensuring the
compliant use of identities); this is most likely because these
services help facilitate external interaction, which even they
cannot avoid.
Focussing in on one particular security requirement shows
how stark the difference is (Figure 14). There was some
variation in the recognition of benefits of IAMaaS across
industries, but a huge gap between the enthusiasts and
avoiders. As with adoption of cloud services in general the
benefits of cloud security services, such as IAMaaS, include a
range of issues that cover both cost savings and increasedbusiness value. The relative benefits are shown in Figure 15.
The reasons for and benefits of delivering on-premise, hybrid
and cloud-based IAM are detailed in another Quocirca report
entitled “Digital identities and the open business”1. The
report is based on the same data sets that have been used to
prepare this report and can be freely downloaded (see
references).
Overall there is an acceptance that
security services ranging, from
identity governance to privileged
user management, could be
delivered either as pure cloudservices or at least hybrid ones
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 8/11
The adoption of cloud-based services
© Quocirca 2013 - 8 -
Conclusions
This report has shown that the adoption of cloud-based services is widespread; the move to cloud seems unlikely to
go into retreat at any time soon, if ever. The move is fundamentally changing the relationship between IT
departments and the businesses they serve. The IT teams in organisations that are furthest down the road with
cloud are generally more focussed on application delivery and business outcomes than those who maintain most IT
platforms in-house; they spend much more of their time dealing with the underlying technology.
Ensuring good security is a fundamental requirement of making the use of cloud-based services safe and giving
organisations the confidence to adopt such services more and more. The rising adoption of cloud services and
increasing security investment go hand-in-hand. However, the investment in additional security is outweighed by
the benefits of cloud adoption and the cloud-based security services can help keep down the cost of delivering the
required security – cloud feeds on cloud .
The cloud genie is out of the bottle and there will be no putting it back because the benefits nearly always outweigh
the problems that need to be overcome when using such services for the delivery of mainstream IT requirements.
This research report has shown the measures that organisations in the vanguard are taking to embrace the use of
cloud services. It has also shown that, with some help and encouragement, today’s avoiders of cloud could become
tomorrow’s enthusiasts.
Appendix 1 – references
“Digital identities and the open business”, Quocirca Feb 2013
https://www.ca.com/gb/register/forms/collateral/Quocirca-European-Research-Digital-Identities-and-the-Open-
Business.aspx
Appendix 2 – analysis methodology
For the data presented on Figures 3, 4, 5 and 6, the respondents were asked to select 5 issues from a list of 11 and
place them in order of importance.
In the analysis used for Figures 3 and 4 each issue selected was given a weighting; 5 for the most important, 4 for
the second down to 1 for the fifth. The cumulative scores were then recast as a percentage of the highest possible
score. If all had selected the same issue as the most important, it would have scored 100%.
In the analysis used for Figure 5 the percentage shown is the number that placed a given issue in 1
st
, 2
nd
or 3
rd
place.
In the analysis used for Figure 6 the percentage shown is only the number that placed a given issue in 1st
place.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 9/11
The adoption of cloud-based services
© Quocirca 2013 - 9 -
Appendix 3 – demographics
The data presented in this report was gathered during the final months of 2012. The following figures show the
distribution of the research respondents by country, organisation size, industry sector and job role.
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 10/11
About CA Technologies
CA Technologies (NASDAQ: CA) provides IT management solutions that help customers manage and secure complex
IT environments to support agile business services. Organisations leverage CA Technologies software and SaaS
solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to
the cloud.
IT Security solutions from CA Technologies can help you enable and protect your business, while leveraging key
technologies such as cloud, mobile, and virtualisation – securely – to provide the agility that you need to respond
quickly to market and competitive events. Our identity and access management (IAM) solutions can help you
enhance the security of your information systems so that you can improve customer loyalty and growth, while
protecting your critical applications and data, whether located on-premise or in the cloud. With more than 3,000
security customers and over 30 years’ experience in security management, CA offers pragmatic solutions that help
reduce security risks, enable greater efficiencies and cost savings, and support delivering quick business value.
CA CloudMinderTM
provides enterprise-grade identity and access management capabilities as a hosted cloud service
supporting both on-premise and cloud-based applications. Deployed as a service, CA CloudMinder drives
operational efficiencies and cost efficiencies through speed of deployment, predictability of expense and reduced
infrastructure and management needs.
www.ca.com/mindyourcloud
<vendor logo>
8/13/2019 The adoption of cloud-based services
http://slidepdf.com/reader/full/the-adoption-of-cloud-based-services 11/11
The adoption of cloud-based services
About Quocirca
Quocirca is a primary research and analysis company specialising in the
business impact of information technology and communications (ITC).
With world-wide, native language reach, Quocirca provides in-depth
insights into the views of buyers and influencers in large, mid-sized and
small organisations. Its analyst team is made up of real-world
practitioners with first-hand experience of ITC delivery who continuously
research and track the industry and its real usage in the markets.
Through researching perceptions, Quocirca uncovers the real hurdles to
technology adoption – the personal and political aspects of an
organisation’s environment and the pressures of the need for
demonstrable business value in any implementation. This capability to
uncover and report back on the end-user perceptions in the market
enables Quocirca to provide advice on the realities of technology
adoption, not the promises.
Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC
has the ability to transform businesses and the processes that drive them, but of ten fails to do so. Quocirca’s
mission is to help organisations improve their success rate in process enablement through better levels of
understanding and the adoption of the correct technologies at the correct time.
Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC
products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of
long term investment trends, providing invaluable information for the whole of the ITC community.
Quocirca works with global and local providers of ITC products and services to help them deliver on the promise thatITC holds for business. Quocirca’s clients include Oracle, IBM, CA, O2, T -Mobile, HP, Xerox, Ricoh and Symantec,
along with other large and medium sized vendors, service providers and more specialist firms.
Details of Quocirca’s work and the services it offers can be found at http://www.quocirca.com
Disclaimer:
This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may
have used a number of sources for the information and views provided. Although Quocirca has attempted
wherever possible to validate the information received from each vendor, Quocirca cannot be held responsible for
any errors in information received in this manner.
Although Quocirca has taken what steps it can to ensure that the information provided in this report is true andreflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details
presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented
here, including any and all consequential losses incurred by any organisation or individual taking any action based
on such data and advice.
All brand and product names are recognised and acknowledged as trademarks or service marks of their respective
holders.
REPORT NOTE:This report has been writtenindependently by Quocirca Ltd
to provide an overview of theissues facing organisationsseeking to maximise theeffectiveness of today’sdynamic workforce.
The report draws on Quocirca’sextensive knowledge of thetechnology and businessarenas, and provides advice onthe approach that organisationsshould take to create a moreeffective and efficient
environment for future growth.