Survey: IT Gains Confidence, Benefits in Using Cloud for Systems of Record; But Work Remains

A survey of IT execs finds that cloud confidence is rising to the point that many organizations are considering using the cloud for their critical systems of record  IDN looks at the latest survey from Cloud Security Alliance, titled The Cloud Balancing Act for IT: Between Promise and Peril.

Tags: encryption, CISO, cloud, CSA, data, hackers, SaaS, security, Skyhigh, survey, system of record,

A just-released survey of 200 IT execs released by the Cloud Security Alliance (CSA) and Skyhigh Networks finds that cloud confidence is rising -- to the point that many organizations feel comfortable using the cloud for their critical systems of record.  Many other IT execs are considering the move from on-prem to cloud.


“While cloud adoption may have started with cloud-native systems of engagement, we’re entering a new phase in which companies migrate their systems of record to the cloud,” according to The Cloud Balancing Act for IT: Between Promise and Peril survey.  


The survey found a clear majority (64.9%) called cloud either “more secure” than on-premises software, or said clouds offer “equivalent security”   One potential reason for this heightening in confidence, the survey said, is because top cloud providers (such as Salesforce and Workday) have invested so heavily in security.


Beyond more confidence in cloud-based security, the survey revealed cloud-based systems of record can offer measurable benefits over legacy systems. Among them:

  • Lower up-front or ongoing costs (71.8%);
  • Faster implementation (69.2%); and
  • Better user experience (49.4%).

The report surveyed more than 200 IT and security professionals across the Americas, EMEA and APAC regions, and was sponsored by cloud security provider Skyhigh Networks.


“The benefits of switching your system of records over to the cloud are known - lower cost, faster implementation, and a better user experience,” said Skyhigh Networks CEO Rajiv Gupta in a statement. “What is not known is how this massive disruption will change the day to day activities and role of IT and security professionals. The opportunities are endless when these smart individuals can focus on becoming enablers to their business and partners with lines of business to make IT a truly innovative force.”


As with the first wave of SaaS adoption, line of business requests continue to be a big driver for IT’s willingness to consider housing systems of record in the cloud.  “As a growing number of companies have become more confident in cloud security measures and, with that, are moving their systems of records to the cloud, the role of IT and its relationship to the line of business is changing,” said Jim Reavis, CEO of the CSA.


The survey finding documented these changes:   

  • Employees and the line of business are key elements in driving corporate cloud adoption.  
  • The survey further found that CRM (customer relationship management) is the most widely used cloud-based system of record today. Due to that SaaS success, companies have plans to move other systems to the cloud, the report added.
  • IT professionals we surveyed receive, on average, 10.6 requests each month for new cloud services. Even considering there is likely overlap in these requests, that’s a tremendous number of cloud services that must be vetted.
  • In many cases, how this decision gets vetted comes down to security and related data integrity issues.  When a provider is not trusted, business requests are not met (53.6%). This is followed by a lack of encryption (45.8%) and a lack of data loss prevention (43.9%), the survey found.
  • Perhaps this high level of requests for adopting cloud-based services is why 71.2% of companies now have a formal process for users to request new cloud services.  [That said, these programs and processes are still evolving. Of companies with a formal process for requesting a new cloud service, 65.5% say they only partially follow it, the survey also found.]


Despite Growing Cloud Confidence,  Security Obstacles Remain

Despite the growth in confidence many IT professionals showed for using the cloud for their systems of record, the survey also revealed some obstacles remain.


“The top barrier to stopping data loss in the cloud is a lack of skilled security,” the survey found. In fact, one metric truly documents the connection between concern and lack of skilled security staff: Nearly one-fourth of companies (24.6%) admit they would be willing to pay a ransom to hackers to prevent a cyberattack.  Further, some 14.0% admit they’d pay ransom of more than $1 million.


The survey summarized other security concerns: 


As data leaves the company data center for the cloud, IT is caught between delivering technologies to support innovation and growth in the business and securing sensitive data against proliferating threats. . . .

When asked about the barriers to moving systems of record to the cloud, the primary obstacle noted by 67.8% of companies was the ability to enforce their corporate security policies. Next, 61.2% of companies said that concern about complying with regulatory requirements was a barrier.

Preparedness for cyber attacks is also an issue. When asked how prepared their company is for a major cyber attack on a scale from 1-5, (1 not at all prepared), respondents rated their preparedness at 3.31 on average. “However, responses varied widely depending on whether the company has a formal incident response plan,” the survey found. Companies with a comprehensive plan felt they were the most prepared.


The Cloud Balancing Act for IT: Between Promise and Peril is available for download.  


CSA is a not-for-profit organization to promote best practices for cloud security assurance and includes a broad coalition of industry practitioners, corporations, associations and other key stakeholders.  Skyhigh Networks offers technologies to let enterprises adopt cloud services while meeting security, compliance, and governance requirements.