In addition, only 25% of organizations have IT staff with cloud experience, probably contributing to security anxiety over moving there, according to an Applied Research survey of 5,300 respondents from 38 countries done for Symantec.
Respondents were particularly concerned about potential risks, including malware, hacker-based theft, and data leakage.
Surprisingly, many respondents cited security as a goal of moving to the cloud, with 87% of respondents expressing confidence that moving to the cloud will not degrade security and could in fact improve security, demonstrating a certain amount of schizophrenia about the cloud and security.
“One of the top concerns around cloud adoption is security, but when people begin cloud projects and begin to move to the cloud, they think they can actually deliver better security with their cloud project”, said Dave Elliott, senior product manager of global cloud marketing at Symantec.
Many organizations have an expectation that when the move to the cloud is done correctly that their external cloud service provider will give them better security controls over their data than they have internally because they might be too small to implement the controls themselves, Elliott told Infosecurity. “Or if they are moving to a private cloud environment, they expect to be able to implement newer strategies and technology to improve their security posture”, he added.
Seventy-three percent of respondents have adopted or are adopting some sort of cloud service, with security services leading the way. The top cloud services companies are adopting include email services, security management, and web and IM security.
However, few have fully migrated to the cloud. Less than 20% reported having completed implemention of cloud projects. About one in four organizations are currently in an implementation phase. About two-thirds are still in early discussions, trials, or not considering a move to the cloud at all.
“Interest in the cloud is there, but it is nascent”, Elliott said.
The survey discovered that organizations having implemented cloud technologies are not seeing the benefits they had anticipated. Eighty-eight percent expected cloud to improve their IT agility, but only 47% said that it actually did. Benefits also fell short in the areas of disaster recovery, efficiency, lower operational expenses, and improved security.
In the cloud survey, Symantec offered a number of recommendations to organizations considering adopting the cloud: teak the lead in embracing cloud computing, set information and application tiers, and assess risk and set appropriate policies.
“We think the cloud is an opportunity for IT to step up and lead change in a strategic area”, Elliott said.