Survey shows shift to cloud-based services, despite concerns

Grazed from Network World.  Author:  Ellen Messmer.

A survey of 5,300 IT and security managers in 38 countries about cloud computing offers a vivid snapshot of expectations, anxieties and sometimes shattered hopes.

According to the Symantec "State of the Cloud" survey, 19% of the respondents said they had moved at least some applications to public software as a service, while 17% said they had adopted a private cloud arrangement. When it comes to public infrastructure as a service, 17% were using that, while 11% said they were using a hybrid arrangement linking private and public cloud services…

In addition, roughly a quarter of the respondents said they were in the middle of implementations based on these four defined categories of private and public cloud use. But about another quarter were not even considering it, with security, reliability and performance concerns paramount.

The survey shows those moving to cloud-based computing are often doing so even as they admit they’re unprepared.

First off, there’s the admission that their IT staffs are somewhat unprepared in terms of skills or experience to deal with cloud-based computing, with less than 1 in 4 IT staffs said to have any cloud experience at all. But most of the survey respondents said they are hiring for that.

In addition, the survey shows businesses trying out cloud-based services often turn to consultants, system integrators, and hardware and software vendors’ professional services organizations, among others outside the organization, to get going.

But all too often, their high expectations about the value of cloud computing — expressed as hopes for "increased agility," "improved disaster-recovery readiness," "increased computing efficiency," "reduced operational expenses" and "increased security" — are falling short after adopting the cloud.

For instance, slightly more than half found they did not achieve certain goals they had had for public-infrastructure cloud, such as "improve computing scalability," "reduce operating expense," "improve our overall computing agility" or "improve computing uptime/availability," among other goals. The most popular applications were said to be Web, email and calendar, ERP, office applications, engineering, document management, human resources and business intelligence.

In terms of who in the organization backed cloud computing, chief financial officers, chief information officers and chief security officers were largely on the same scale of willingness to try it (about 80% open to the idea, though the "hybrid" model got less enthusiasm), which defies the common perception that CSOs are ardently opposed to the cloud.

One question asked in the survey about what IT and security managers consider to be the most significant "threat models" in cloud computing seems to show they are shifting the anxieties they have often expressed about traditional internal computing out to cloud providers and their vulnerabilities.

Over half of the survey respondents said "mass malware outbreaks," "hacker-based data theft from a cloud," insiders sharing unauthorized information, data spillage, distributed denial-of-service attacks, inability to recover cloud-based data and other threats were of some or great significance to them. And when asked how many minutes of downtime per month they would accept for a software-as-a-service application before they decided it wasn’t reliable enough, the median answer was 50 minutes. For infrastructure as a service, the median was 45 minutes.