Use of cloud services in the UK continues to grow is the key message from the Vanson Bourne annual survey into cloud adoption performed on behalf of the Cloud Industry Forum (CIF). Of the 250 senior IT and business decision makers that took part in the research, 78% said that their organisation was now using at least one cloud-based service. That represents 15% growth since last year and a 62% increase since the first study was conducted in 2010.
However, it is worth noting that almost half (46%) of the respondents were currently only using one cloud service, which indicates there is a very long way to go before cloud represents a significant proportion of most organisation’s IT platform. Although with two-thirds of those currently using cloud expecting their usage to increase in the next 12 months, and almost half of the 22% who said they were not currently using cloud at all saying they expect their business to start adopting cloud services in the next year, it is clear to see that balance will continue to shift towards cloud.
Away from the general growth in adoption of cloud services probably one of the most notable findings from the research was about security and specifically the difference between perception and reality when it comes to cloud services. 75% of respondents said security was the primary reason for not wishing to move specific applications to the cloud whilst 61% said that data security was one of the most significant concerns about using cloud within their business and 31% said business security and privacy concerns was one of the biggest inhibitors to moving more applications and/or infrastructure to the cloud.
Yet when asked whether they had actually experienced a security breach related to the use of a cloud service, 98% said that they had not had an incident that breached security. So, despite not being exposed to a security problem when using cloud and with the incidence of breaches among all cloud users being very low, a significant majority of organisations are still using security as a reason for not moving more of their IT platform into the cloud. Another interesting finding is that 56% of respondents said that the PRISM revelations had not prompted them to do anything differently with regard to the privacy of their organisation’s data.
The issue of security, and perhaps more accurately the perception that cloud is not as secure as on-premise is a topic I have written about before (see It really is time to trust the cloud). Security is a core skill of cloud service providers; it has to be, otherwise they are not going to last long in the market place. I doubt that most corporate IT functions can get anywhere close to matching the security skills, knowledge, systems and controls of cloud vendors such as Salesforce and Amazon. And there are plenty of organisations that have either already moved or are in the process of moving their entire IT estates to the cloud (see Using cloud to get close to the business) whilst others haves set targets to have at least 70%-80% of their applications and infrastructure provided via the cloud.
But that’s not to say that IT departments shouldn’t do due-diligence on potential vendors and ask them to demonstrate their competency. This is part of the new role of IT in the cloud-enabled enterprise – the role of a broker or facilitator of IT services; rather than building and maintaining services themselves, IT functions should focus on providing the right architecture to ensure different services can be integrated, selecting the right vendor(s), ensuring that appropriate SLAs are agreed and that safeguards around access to data and the ability to switch provider at the end of the contract are in place.
However, as John Rhoton, author of several books on cloud computing, explains in a recent CIO UK article, IT departments need to take a balanced approach to analysing security of cloud services, “less mature customers who don’t have as good an understanding of cloud computing tend to vastly underestimate the security of cloud service providers; and they greatly overestimate the security they themselves implement.”
Rhoton advises CIOs to look at the existing client base of a cloud provider as part of their due-diligence, “If you look at customers of Salesforce – Amazon, HP, and Symantec, all of whom are specialists in security and cloud computing – you notice that none of them have any problems entrusting Salesforce with sensitive data. That’s because they know that Salesforce is taking all the necessary precautions.”
Moving to the cloud is not without its challenges however. In the same CIO UK article Francois Charpe, Group CIO of Altran Group, explains the pitfalls and lessons his organisation has experienced in adopting cloud services. Ensuring that their service provider was based in the EU for data protection purposes was an initial consideration albeit one that was easily satisfied by opting for Amazon Web Services, which operates services and stores data in Ireland.
Satisfying legislation and regulations when considering cloud solutions is an important issue for CIOs but it is also something that can be easily resolved by selecting the right provider for a particular service. The real challenges come with ensuring you have the right architecture, the ability to integrate with other services and ensuring the right approach to areas such as identity management. As Charpe explains, “When you put applications on the cloud, you have to rethink your infrastructure. Identification and authentication, data back up, and high availability all have to be reconsidered. You also have to make sure you have the right connections between the different infrastructures.”
But then these are all areas that should form part of the IT function’s new role of a broker or facilitator of services. The key for CIOs in successfully overcoming these challenges is to ensure they have the right skills in place to design, implement and manage a platform that at least in part is based on cloud services. This is a different skill set than has previously been required and it is a skillset that is essential to ensuring the organisation exploits the full benefits of using cloud services.
And those benefits are both wide-ranging and potentially significant. Reduced cost, increased flexibility and scalability are just some of the reasons given in the CIF research as to why organisations decide to use cloud services. Christina Scott, CIO at the Financial Times, who has moved a number of applications to the cloud, has realised such benefits. Speaking to CIO UK, Scott explained how moving the FT’s data warehouse to Amazon Redshift had resulted in “substantial cost reduction and performance benefits from our old outsourced data warehouse solution.”
There are also benefits for the CIO and the IT function in increasing their usage of cloud services. In Using cloud to get close to the business I explained how Netflix and GPT Group were using the cloud to free up resources that would otherwise be allocated to maintaining and supporting the organisation’s existing systems and infrastructure. Moving to the cloud means IT staff in these organisations are now working alongside the rest of the organisation, helping to solve business problems and identifying opportunities to use technology to create value, grow revenue and create competitive advantage. This repositioning of the IT function and indeed the CIO role is key to ensuring that both can play a leading role in shaping and leading their organisations in the digital age.
And other CIOs are also seeing the cloud as a way of transforming the IT function as well as the IT platform. Speaking at the recent Cloud World Forum in London, Coca Cola CIO Onyeka Nchege talked about his plans to move everything off-premise over the next five years. Nchege explained that this would result in a leaner IT team that “spend all of their time understanding business processes and translating that to services.”
The use of cloud services in the UK is increasing but the perception that cloud represents a security risk still exists even though actual experience says otherwise. CIOs who can overcome this false perception and who can equip their departments with the skills needed to become the service broker required by the digital business will ensure their organisations maximise the benefits from using cloud services. And they will also be positioning themselves as business leaders who drive growth and innovation through technology.