Can organizations hold back the tide of cloud adoption?

For many organisations holding back the tide of cloud-based services adoption is almost impossible as the use cases are overwhelming, according to a new report by analyst firm Quocirca. These include on-tap infrastructure, support for live-in-the-cloud business processes and the outsourcing of utility applications to third party specialists.

The study also reveals that the challenge for many UK organisations will be not whether to accept cloud-based services but how well prepared they are for their adoption.

The study classified users into four groups:

• Enthusiasts – regularly make use of cloud-based services where possible and consider them a key part of their future IT requirements
• Supplementary users – evaluating use of cloud-based services to supplement in-house IT resources
• Case by case users – regularly evaluate cloud-based services and select them as they seem a better alternative to an in-house option
• Avoiders – avoiding and proactively blocking adoption of cloud-based services.

The report highlighted interesting findings between the two extreme groups – the enthusiasts and avoiders, especially as it relates to IT security. Whilst both groups have put in place IT security measures to address the risk associated with using cloud-based services, there are significant differences in those measures.

This report highlights the degree to which attitudes to cloud-based services have changed,” said Bob Tarzey, Analyst and Director at Quocirca. “The move towards wide-spread adoption of cloud-based services is inevitable, not least because of the need to support inter-organisational business processes. Whilst Quocirca does not see the transition from avoiders to enthusiasts happening overnight, once the benefits of cloud services have been seen through a case-by-case use, the step to all-out enthusiasm is not such a big one.”

Cloud-based services adoption is on the rise

• The proportion of UK businesses classifying themselves as ‘enthusiasts’ has doubled in two years – from 17% to 32%. Amongst consumer-facing organisations the enthusiasts number 38%.
• The number of avoiders has decreased from 23% to just 10% in the same period. For consumer-facing organisations the figure is down to 6%.
• The number of respondents that consider themselves case by case users has increased from 17% to 23%, such organisations are recognising the value of controlled cloud use.
• There has been drop in those that consider themselves supplementary users (from 43% to 35%). This indicates a move away from casual use to more controlled access for specific use cases.

Confidence in using cloud-based services is highest at the extremes

• Of all the groups, the avoiders are most likely to be very confident (50%) about data security largely because they have taken proactive steps to deter the use of cloud services and their systems are less open
• 41% of enthusiasts of cloud services are very confident that they have put in place sufficient security measures to support their pro-cloud stance.
• Only one fifth (20%) of supplementary users and 17% of case-by-case users felt very confident about their data security.

Wide range of security capabilities being deployed

• For the avoiders, whose aim is to avoid the use of cloud-based services, unsurprisingly cloud-access controls do not figure at all in their top 5 security technologies. Their preference is for tools that block and restrict user activity to minimise their perceived dangers from cloud use.
• In sharp contrast 3 of their top 5 security capabilities selected by enthusiasts were cloud-sharing capabilities including policy-based access rights and policy-based encryption.
• Of the four groups supplementary users are the most laid-back, adopting what could be considered a dangerously casual approach. Of 20 security capabilities looked at, they were less likely than average to have deployed almost all the technologies
• Case by case users were different again with 4 out of their top 5 security technologies being those that restricts what users can especially on the end-point.

The complete report is available here.