Path to Value in the Cloud in review

Our research program is now complete, and all of the analysis of our survey of 350 business and technology executives nationwide is now online. Taken together, this information offers key takeaways for companies pursuing their own cloud migrations.

The briefing paper outlines the main findings from the survey. Our survey revealed that while cloud is fundamentally changing the nature of business processes and collaboration, companies lack migration strategies and lack metrics to measure their own success in the cloud—or the effectiveness of their cloud vendors.

We then delved into the main findings with a series of short papers and infographics around each theme. The first examines how cloud is influencing and driving business strategy. The key takeaways from our cloud strategy think piece can be found in this infographic.

A second looks at the areas where companies are seeing the most value from the cloud (primarily collaboration and innovation)—and how they are measuring their success in the cloud. A snapshot of how cloud is driving business value can be found here.

Our third think piece highlights a persistent issue in the cloud—security. Security remains top of mind, and these concerns will remain relevant as firms move more business functions into the cloud over the next two years. But companies aren’t prioritizing security when it comes to choosing a cloud vendor. These findings are summarized in this infographic.

Finally, we detailed the characteristics and practices of those furthest along in their cloud migrations—Trailblazers. Trailblazers are seeing higher revenues and profit margins, and have more well-developed cloud migration plans. An infographic about Trailblazers  can be found here.

All of these research outputs can be found here.


Paper gives insight into importance of cloud security

WindstreamSecurityThinkPieceThis think piece gives greater insight to the topic that’s top of mind in any cloud conversation: security. In fact, 76% of respondents to our survey said that data security was a top concern when it came to making cloud migration strategies.

But despite the outsize security concern, many firms may not be following through with their security agendas when choosing a cloud vendor. Only 4% of respondents said meeting a minimum threshold of security was their most important quality when choosing a cloud services provider.

Most importantly, cloud security is a two-way street—vendors must have security measures in place, but those are useless without internal protocols and processes.

Read the full think piece here


Infographic details cloud security concerns

WindstreamSecurityInfographicClick to see full infographic

As the latest data breach imbroglio boils on, we have some data and insight into the importance of security on the path to value in the cloud. Our survey of 350 business and technology executives revealed that data security is a top concern when migrating to the cloud. The stakes are raised because collaboration is a major cloud benefit and companies are putting more and more data in the cloud.

But despite their concerns, companies haven’t assessed their own needs from cloud vendors or their own readiness, and they’re not emphasizing security when choosing providers. For a more detailed look at the state of security in the cloud, check out our think piece on the topic.


New paper highlights importance of cloud security


This week we released a think piece focusing on the importance of cloud security. And with another big breach in the news—this time possibly involving iCloud—the topic is as timely as ever. No surprise, then, that 76% of our 350 survey respondents said that security concerns influence their migration strategies.

This is especially true of healthcare companies. 87% of respondents from that industry said data security was a top migration concern. But despite this emphasis, we found that many firms may not be pursuing their security agendas when choosing a cloud vendor. Only 4% of respondents said meeting a minimum threshold of security was their most important quality when choosing a cloud services provider.

It’s important for companies to remember that cloud security is a two-way street—providers must have security measures in place, but those are useless without internal protocols and processes.

Read the full think piece here

The cloud you don’t see

“Listen to your users, give them what they need…. A ‘don’t use the cloud’ memo isn’t going to cut it.”

Security is top of mind for most organizations looking to migrate to the cloud, but there’s another threat vector to consider: cloud creep. Even a company with sufficient security protocols in place for its formal cloud services may face exposure from services like Facebook, Dropbox, and Pandora entail.

“Just because you have a positive position on IaaS doesn’t mean you have a sufficient risk posture around off-the-shelf services,” Jason Ha, national manager of security practices for Dimension Data, said.

On average, Ha finds in security audits that companies have six times the cloud exposure they thought they did.

But there’s not an easy solution. Simply blocking access to social media sites may temporarily fix the problem, but it might block legitimate sites, and employees can find workarounds. And there’s no escaping the cloud: even if a company has a “no-cloud” policy in place, the spate of recent data breaches shows the pitfalls of that approach.

So what is a company to do? The first step is to have a cloud policy in place, followed by an effort to deploy approved, monitored applications. It’s not an easy fix, but the key is to stay ahead of the curve and to give your staff options that are within your control.

Cloud security is your job, too

Data insurance isn’t just about the data itself, it’s about the practice and concerns around it and how you have access to that data.

At FOSE, a conference for the government technology community that wrapped up yesterday,  representatives from Amazon, IBM, and Microsoft discussed the cloud. There were some predictable differences in approaches and priorities, but all agreed that cloud security is a very big deal.

According to the panel, responsibility for cloud security is equally shared between clients and vendors. Vendors are responsible for securing their services, but clients are responsible for creating secure applications and following security protocols and regulation.

This obviously is an important lesson for government agencies moving to the cloud—and for anyone else moving to the cloud. It’s important to vet cloud providers to make sure their practices are secure, but it’s equally important to ensure your own security practices can make the grade.

Study shows rapid cloud adoption growth

The use of cloud services is accelerating rapidly, according to a new study that aggregates real cloud usage data from over 250 companies. A total of 3,571 cloud services are being used by more than 8.3 million users at the subject companies; last quarter, there were 2,675 cloud services identified.

Another finding: The number of services used per organization grew from 759, on average, compared with last quarter’s 626.

An area of concern is a service’s “enterprise readiness,” a measure determined by the study that takes into account factors like data protection, and security features. Only 7% of cloud services were determined to be “enterprise ready,” down from last quarter’s 11%. Disconcerting, especially considering that security concerns are the main barrier to cloud adoption.

The study also found that cloud services are increasingly fragmented—on average an organization is using 24 file-sharing services and 91 collaboration services. Additionally, 18% of companies have at least 1,000 devices accessing a public cloud using Windows XP, an OS Microsoft no longer supports—another potential security risk.

Our own cloud adoption survey is yielding some interesting initial results, and we’ll be reporting on those soon.

Cloud News Roundup

The SaaS model still dominates the cloud services market, but other models are beginning to experience rapid growth. Revenues from SaaS products are expected to reach $53 billion worldwide by 2018 and make up about 59% of the public cloud computing market.

The Wall Street Journal reports that cloud adoption is lower than expected—about 17.6% of companies with more than 1,000 employees use cloud email services. Healthcare, government, and financial services organizations are 40% less likely to adopt cloud-based email than all other organizations.

Even though the main barriers to cloud adoption are security concerns, a new study found that businesses are still storing vulnerable information unprotected in the cloud.When adopting the cloud, security responsibility falls on both sides.”It is really incumbent upon the user of the services as well as the provider of the services to join forces,” Larry Ponemon, the lead author of the study, said. “You can’t just rely on one side or the other.”

Facing cloud security fears

“It could be that there’s just a lot of information IT people don’t know. The comfort level is still missing.” Jagdish Rebello, IHS analyst

This week saw the release of two studies that reinforced the belief that security concerns are hindering cloud migration. A report from Bitglass said 52 percent of large companies and one third of SMBs aren’t migrating to the cloud due to perceived risks.

Nate Kausik, Bitglass’ CEO, had some thoughts on next steps for the industry. “Given the compliance and audit capabilities lacking in most cloud apps, we expect third-party security technology will be required to help close this gap,” he said.

A separate report from Compuware had more troubling news: 73% of IT professionals believe cloud providers are hiding security flaws. This one might have an easier solution, though.

Companies migrating to the cloud need to do their homework when searching for a cloud provider. Ask the right questions about potential vendors’ hiring practices, internal audits, and threat protection.

It’s a big change, but a necessary one, and it can be scary. But with the right preparations, the migration can be smooth, and secure.


Cloud Insights #BBGtech

Yesterday, we attended the Bloomberg Enterprise Technology Summit here in New York City. Not surprisingly, the cloud—its implications, uses, and future—was a hot topic. Notably, there were opposing viewpoints on the future of the private cloud datacenter model.

Benjamin Fried, Google’s CIO, and Scott Weiss, a partner at Andreessen Horowitz, both contended that the private cloud model was dead, saying that public clouds are safer, more secure, and allow for scaled used that private companies cannot compete with or afford. Long live Google and Amazon!

Not so fast, said the senior technology executives on another panel.  Mike Capone, Corporate Vice President of Product Development and CIO at ADP and Stephen Little, Xerox’s CIO, disagreed with the death-knell predictions for the private cloud. Both are using private and hybrid-cloud solutions to secure the massive amount of data their respective companies hold and see value in continuing that arrangement.

Other topics also led back to the cloud.

“Big data solutions have been solutions in search of problems,” said Fried.

Continue reading