Recent studies on cloud computing suggest that security concerns are still hampering the adoption of cloud computing. BT, Fujitsu and Netspoke recently commissioned studies which, predictably, revealed that confidence in the security of the cloud is at an all-time low. Despite the predictable results, these studies will provide cloud computing services providers with insightful prospective customer feedback.
In September, BT published the results of a study it commissioned which explored the attitudes to, and use of, cloud-based services of IT decision makers from enterprise organisations in 11 countries. BT reported that three quarters of those surveyed (76%) cited security as their main concern about using cloud-based services. Despite security being a major concern, surprisingly, 50% of those surveyed admitted to adopting mass market ‘consumer’ cloud services, rather than those designed specifically for the enterprise.
Fujitsu’s study reported similar findings. The study, Two Years On: The Financial Services Landscape Is your organisation super-powered?, follows up on a 2012 study. One hundred and seventy-six IT decision makers were surveyed at a range of financial sector firms. The study found that, two years on from the last survey, less than a quarter of financial sector firms have implemented cloud computing and, of those who neither use cloud at present nor are planning to in the future, nearly half (42%) said that they believe that it opens up too many security threats.
The Netspoke commissioned study, Cloud Multiplier Effect in European Countries, reported similar findings to those of the BT and Fujitsu studies. 57% of respondents did not agree that their organisation’s cloud service use enabling security technologies to protect and secure sensitive and confidential information and 72% say these cloud service providers are not in full compliance with privacy and data protection regulations and laws.
As expected, and in line with concerns over security, the studies suggest that it tends to be non-sensitive data and non-business critical processes and data which are being hosted in the cloud. For example, Netspoke found that, on average, only 23% of a business’s critical applications are in the cloud and only 10% of sensitive or confidential information is stored in the cloud. Whilst Fujitsu found that around three quarters of those using cloud do so for internal operations.
For those parties who supply cloud solutions, the results of the surveys provide insightful prospective customer feedback which can be used to tackle certain barriers to the adoption of cloud computing, including security.
Interestingly, the surveys show that “cloud computing” is still a nebulous concept. It appears much of the resistance stems from a lack of understanding. Accordingly, educating potential clients should be an important part of any cloud provider’s sales pitch.
To help enterprises better understand the cloud, the International Organisation of Standardisation (ISO) has recently released two International Standards on cloud computing, ISO/IEC 17788 and ISO/IEC 17789. ISO/IEC 17788, Cloud computing – Overview and vocabulary, provides definitions of common cloud computing terms, including those for cloud service categories such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). It also specifies the terminology for cloud deployment models such as “public” and “private” cloud. ISO/IEC 17789, Cloud computing – Reference architecture, contains diagrams and descriptions of how the various aspects of cloud computing relate to one another. These standards will be significant in helping client’s understanding of the cloud and are expected to pave the way for more technical standards dealing with issues such as security.