Path to Value in the Cloud in review

Our research program is now complete, and all of the analysis of our survey of 350 business and technology executives nationwide is now online. Taken together, this information offers key takeaways for companies pursuing their own cloud migrations.

The briefing paper outlines the main findings from the survey. Our survey revealed that while cloud is fundamentally changing the nature of business processes and collaboration, companies lack migration strategies and lack metrics to measure their own success in the cloud—or the effectiveness of their cloud vendors.

We then delved into the main findings with a series of short papers and infographics around each theme. The first examines how cloud is influencing and driving business strategy. The key takeaways from our cloud strategy think piece can be found in this infographic.

A second looks at the areas where companies are seeing the most value from the cloud (primarily collaboration and innovation)—and how they are measuring their success in the cloud. A snapshot of how cloud is driving business value can be found here.

Our third think piece highlights a persistent issue in the cloud—security. Security remains top of mind, and these concerns will remain relevant as firms move more business functions into the cloud over the next two years. But companies aren’t prioritizing security when it comes to choosing a cloud vendor. These findings are summarized in this infographic.

Finally, we detailed the characteristics and practices of those furthest along in their cloud migrations—Trailblazers. Trailblazers are seeing higher revenues and profit margins, and have more well-developed cloud migration plans. An infographic about Trailblazers  can be found here.

All of these research outputs can be found here.


Paper gives insight into importance of cloud security

WindstreamSecurityThinkPieceThis think piece gives greater insight to the topic that’s top of mind in any cloud conversation: security. In fact, 76% of respondents to our survey said that data security was a top concern when it came to making cloud migration strategies.

But despite the outsize security concern, many firms may not be following through with their security agendas when choosing a cloud vendor. Only 4% of respondents said meeting a minimum threshold of security was their most important quality when choosing a cloud services provider.

Most importantly, cloud security is a two-way street—vendors must have security measures in place, but those are useless without internal protocols and processes.

Read the full think piece here


Infographic details cloud security concerns

WindstreamSecurityInfographicClick to see full infographic

As the latest data breach imbroglio boils on, we have some data and insight into the importance of security on the path to value in the cloud. Our survey of 350 business and technology executives revealed that data security is a top concern when migrating to the cloud. The stakes are raised because collaboration is a major cloud benefit and companies are putting more and more data in the cloud.

But despite their concerns, companies haven’t assessed their own needs from cloud vendors or their own readiness, and they’re not emphasizing security when choosing providers. For a more detailed look at the state of security in the cloud, check out our think piece on the topic.


New paper highlights importance of cloud security


This week we released a think piece focusing on the importance of cloud security. And with another big breach in the news—this time possibly involving iCloud—the topic is as timely as ever. No surprise, then, that 76% of our 350 survey respondents said that security concerns influence their migration strategies.

This is especially true of healthcare companies. 87% of respondents from that industry said data security was a top migration concern. But despite this emphasis, we found that many firms may not be pursuing their security agendas when choosing a cloud vendor. Only 4% of respondents said meeting a minimum threshold of security was their most important quality when choosing a cloud services provider.

It’s important for companies to remember that cloud security is a two-way street—providers must have security measures in place, but those are useless without internal protocols and processes.

Read the full think piece here

The cloud you don’t see

“Listen to your users, give them what they need…. A ‘don’t use the cloud’ memo isn’t going to cut it.”

Security is top of mind for most organizations looking to migrate to the cloud, but there’s another threat vector to consider: cloud creep. Even a company with sufficient security protocols in place for its formal cloud services may face exposure from services like Facebook, Dropbox, and Pandora entail.

“Just because you have a positive position on IaaS doesn’t mean you have a sufficient risk posture around off-the-shelf services,” Jason Ha, national manager of security practices for Dimension Data, said.

On average, Ha finds in security audits that companies have six times the cloud exposure they thought they did.

But there’s not an easy solution. Simply blocking access to social media sites may temporarily fix the problem, but it might block legitimate sites, and employees can find workarounds. And there’s no escaping the cloud: even if a company has a “no-cloud” policy in place, the spate of recent data breaches shows the pitfalls of that approach.

So what is a company to do? The first step is to have a cloud policy in place, followed by an effort to deploy approved, monitored applications. It’s not an easy fix, but the key is to stay ahead of the curve and to give your staff options that are within your control.

Cloud security is your job, too

Data insurance isn’t just about the data itself, it’s about the practice and concerns around it and how you have access to that data.

At FOSE, a conference for the government technology community that wrapped up yesterday,  representatives from Amazon, IBM, and Microsoft discussed the cloud. There were some predictable differences in approaches and priorities, but all agreed that cloud security is a very big deal.

According to the panel, responsibility for cloud security is equally shared between clients and vendors. Vendors are responsible for securing their services, but clients are responsible for creating secure applications and following security protocols and regulation.

This obviously is an important lesson for government agencies moving to the cloud—and for anyone else moving to the cloud. It’s important to vet cloud providers to make sure their practices are secure, but it’s equally important to ensure your own security practices can make the grade.

Study shows rapid cloud adoption growth

The use of cloud services is accelerating rapidly, according to a new study that aggregates real cloud usage data from over 250 companies. A total of 3,571 cloud services are being used by more than 8.3 million users at the subject companies; last quarter, there were 2,675 cloud services identified.

Another finding: The number of services used per organization grew from 759, on average, compared with last quarter’s 626.

An area of concern is a service’s “enterprise readiness,” a measure determined by the study that takes into account factors like data protection, and security features. Only 7% of cloud services were determined to be “enterprise ready,” down from last quarter’s 11%. Disconcerting, especially considering that security concerns are the main barrier to cloud adoption.

The study also found that cloud services are increasingly fragmented—on average an organization is using 24 file-sharing services and 91 collaboration services. Additionally, 18% of companies have at least 1,000 devices accessing a public cloud using Windows XP, an OS Microsoft no longer supports—another potential security risk.

Our own cloud adoption survey is yielding some interesting initial results, and we’ll be reporting on those soon.