IT departments worldwide aren't ready for the cloud, survey finds

Are information technology departments worldwide ready for the cloud?

Despite a high level of interest in cloud computing, IT staffs within organizations say they simply are not ready for it, according to Symantec’s 2011 State of the Cloud Survey.

Less than 25 percent of the survey’s respondents say their IT employees have cloud experience and half of the respondents rated themselves as less than somewhat prepared.

As a result, most organizations are currently turning to outside resources for help. For instance, when deploying hybrid infrastructure or platform-as-a-service, about three in four respondents said they are turning to value added resellers (VARs), independent consultants, vendor professional services organizations or systems integrators.

To accurately measure attitudes and adoption rates, Symantec commissioned a worldwide survey of 5,300 organizations, representing 38 countries. Applied Research conducted the survey by telephone between April and July 2011. Senior executives in small, medium and large enterprises were interviewed.

Security continues to be a top goal and concern among businesses and organizations. But at the same time, 87 percent of the respondents think moving to the cloud will either not impact or will actually improve their IT security.

This conflicting view of security may sound confusing, but it makes sense, the report says.

“Done correctly, security can be improved in a cloud environment. But it doesn’t happen without planning and careful attention during the implementation phase,” the report says.

The five major security concerns include:

  • Mass malware outbreak at the cloud provider.
  • Hacker-based data theft at the cloud provider.
  • Sharing sensitive data insecurely via the cloud.
  • Rogue use of cloud leading to a data breach.
  • Data spillage in a multi-hosted environment.

Although adoption of cloud computing for hosting applications is still low, adoption of cloud services is very high, according to the report. Cloud services are computing services such as backup, storage and security that are delivered via the cloud, the report states.

The survey found that 73 percent of respondents have adopted or are currently adopting some sort of cloud service, with security services leading the way. This is contrasted with public software-as-a-service or private cloud infrastructure as-a-service, where only 42 percent have already adopted or currently are adopting, the report states.

The five most common adopted services were predominantly security related in some way:

  • Email services (such as management or security).
  • Security management.
  • Web and IM security.
  • Virtual desktop.
  • Log or incident management.

For those that have implemented cloud computing, there are significant gaps between what organizations were expecting to achieve and what they actually achieved, the report states. For example, 88 percent expected cloud to improve their IT agility, yet only 47 percent found that it actually did. The same was true of disaster recovery, efficiency, lowered operational expenses and improved security.

“These gaps are indicative of the immaturity of the market. Cloud vendors and solutions are still evolving and promises may be outrunning reality at this stage,” the report states. A big reason for the gaps lies with the organization’s computing staff. Three out of four organizations admitted that ‘changing the way IT works’ was a ‘significant’ to ‘extreme’ challenge in terms of achieving cloud success.

Some recommendations to address these problems include:

  • Take the lead. IT needs to take a proactive role in embracing the cloud. Too many IT organizations today are taking a slow, methodical, and conservative approach to moving to the cloud.
  • Set information and application tiers. Not all information and applications are created equally. Perform an analysis and place your information and applications into tiers to determine what you feel comfortable moving to the cloud.
  • Assess your risk and set appropriate policies.
  • Access Control: Assure critical information is only accessible by authorized users and that your critical information doesn’t leave the company.
  • Compliance: In the cloud you effectively delegate management of infrastructure to your cloud vendor. But you retain the same compliance requirements. Make sure your cloud vendors can meet all of your compliance requirements, such as limiting where data is stored for jurisdiction-specific compliance and how they assure data privacy.
  • Availability: Assess potential cloud vendors for operational issues such as high availability and disaster recovery abilities.
  • Get started now. You don’t have to take an all-or-nothing approach to cloud computing. Leveraging cloud services is an easy first step to moving to the cloud.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.

Reader Comments

Fri, Dec 2, 2011

"Cloud Security Concerns Will Be Passe, Gartner Analyst Says," Total CIO, Karen Goulart, http://itknowledgeexchange.techtarget.com/total-cio/cloud-security-concerns-will-be-passe-gartner-analyst-says/ “The big cloud service providers think differently about information security - and that's a good thing, Neil MacDonald, Gartner Vice President and Fellow, told a virtual audience of CIOs and other IT folks during a recent Gartner webinar on cloud security. When it comes to information security, anything you can do, cloud can do better. Or soon will, he said. How exactly are cloud service providers better than you at information security? According to MacDonald here are the new and improved ways big-name cloud service providers like Google, think about security: * They assume machines will fail, so they focus on resilience * Their security is baked in, not tacked on * They have shifted to software-based, automated security controls * They take more responsibility than many of your other vendors for delivering outcomes * They force users to think about outcomes * Their offerings tear down IT silos * They employ better people and deploy higher quality controls * They embrace change * They view security as an adaptive service"

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above