There is no reason why the crowds arriving at Cloud Expo Europe in April 2016 should not be more enthusiastic than ever about the offerings on show. Back In 2013, a Quocirca research report, The Adoption of Cloud-based Services (sponsored by CA Inc.) looked at the attitude of European organisations to the use of public cloud services. There were two extremes; among the UK respondents, 17% were enthusiasts who could not get enough cloud whilst 23% were proactive avoiders. Between these end points were those who saw cloud as complimentary to in-house IT or evaluated on a case-by-case basis.
In 2015 Quocirca published another UK-focussed research project, From NO to KNOW: The Secure use of Cloud-Based Services, (sponsored by Digital Guardian) which asked the same question. How things have changed! The proportion of enthusiasts had risen to 32% whilst the avoiders had fallen to just 10%. Those using cloud services on a case-by-case basis had risen too, from 17% to 23%, whilst those who regarded them as supplementary fell from 43% to 35%.
The questionnaire used in the research did not use the terms avoiders and enthusiasts but more nuanced language. What we dubbed enthusiasts during the analysis had actually agreed with the statement “we make use of cloud-based services whenever we can, seeing such services as the future for much of our IT requirement.” Avoiders on the other hand felt either “we avoid cloud-based services” or “we proactively block the use of all cloud-based services.” So the research should be a reasonable barometer for changing attitudes rather than a vote on buzzwords.
The 2015 report went on to look at the benefits associated with positive attitudes to cloud, such as ease of interaction with outsiders, especially consumers, and the support for complex information supply chains. It also showed the confidence in the use of cloud-based services was underpinned by confidence in data security.
The research looked at the extent to which respondents’ organisations had invested in 20 different security measures. Enthusiasts were more likely than average to have invested in all of them, with policy based access rights and next generation firewalls topping the list. However, avoiders were no laggards; they were more likely than average to have invested in certain technologies too; data loss prevention (DLP) topped their list, followed by a range of end-point controls as they sought to lock down their users’ cloud activity.
Supplementary users of cloud services took a laissez-faire approach; they were less likely than average to have invested in nearly all 20 security measures. Case-by-case users tended to have thought things through, and were more likely than average to have in place a range of end-point security measures and to be using secure proxies for cloud access.
What is the message here? The direction of travel is clear; there is increasing confidence in, and recognition of the benefits of, cloud-based services. However, for many it is one step at a time, with initial adoption of cloud services for many in limited specific use cases. The security measures to enable all this, as the 2015 report’s title points out, are not to block the use of cloud services by saying NO but to be able to control them by being in a position to KNOW what is going on.
There are two underlying drivers that can’t be ignored by IT departments, whose role is to be a facilitator of the business rather than a constraint on it. First, many digital natives (those born around 1980 or later) are now entering into business management roles; bringing positive attitudes to cloud services with them. Second, regardless of what IT departments think, lines-of-business are recognising the benefits of cloud services and seeking them out—so-called shadow IT which is delivering all sorts of business benefits. Why would any organisation want to avoid that?
