File under “it’s about time”: The security of data in the cloud has reached the status of an executive-level concern. At the same time, IT continues to wrestle with policy management.
That’s the word from the Cloud Security Alliance (CSA), which has found in a recent survey that decisions concerning the security of data in the cloud has shifted from the IT room to the boardroom, with 61% of companies indicating that executives are now involved in such decisions.
IT teams are increasingly being tasked with balancing the need to enable software-as-a-service apps while also enforcing corporate security, compliance and governance policies. And it’s clearly not an easy task: Out of the surveyed executives and IT managers, nearly 72% admitted that they did not know the number of shadow IT apps within their organization.
And, 34% of respondents indicated that a lack of knowledge and experience on the part of IT and business managers was a main reason for slow or lack of adoption of cloud services.
“As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance and governance of corporate data,” said Jim Reavis, CEO of the CSA, in a statement. “We hope that [companies] can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment.”
When it comes to those procedures for managing cloud adoption, large enterprises have the most in place. Companies with more than 5,000 employees are more likely to have a cloud governance committee (35% versus 12%), have a policy on acceptable cloud usage (61% versus 45%), and have a security awareness training program (26% versus 20%) compared to companies with fewer than 5,000 employees.
Policies in place or not, large enterprises are also more hesitant when it comes to investing heavily in cloud services, with only 36% of them spending more than 20% of the IT budget on cloud services, compared with 49% of companies with fewer than 5,000 employees.
And regardless of corporate investment, in general, business users regularly demand cloud services, with 57% of respondents indicating they receive between one and 10 new cloud service requests each month. And while 62% of respondents indicated that they do not block cloud services, the top services blocked by region include cloud storage providers and social networking sites.
“The past few years have marked a paradigm shift in IT’s role, from provider to enabler,” said Rajiv Gupta, CEO of Skyhigh Networks, which sponsored the report. “This survey, the largest of its kind, illustrates that companies are aware of the consumerization of IT but have room to more proactively address the security concerns of cloud adoption.”
Overall, while security of data remains a top barrier to cloud adoption, organizations are still moving forward in adopting cloud services, with 74% of respondents indicating they are either moving full steam ahead, or with caution, in the adoption of cloud services. Respondents from APAC indicated the highest level of adoption plans.