Tale of Two Surveys: Opinions on Cloud Security Differ
January 18, 2011
If there’s one thing I’ve learned from my years in journalism, it’s that you have to take surveys with a grain (or sometimes a whole shaker) of salt. I can’t tell you how many times I’ve seen surveys with similar questions yield wildly different results, depending on the size and composition of the sample, the way the questions are asked, who asks them, etc., etc.
Shortly after IT Business Edge contributor Mike Vizard reported on a Virtacore Systems survey that found executives of midmarket companies lukewarm about the idea of cloud computing, I read about a MarketBridge survey that offered a more positive take on the cloud from midmarket respondents.
Not surprisingly, given MarketBridge’s expertise, its survey focused on the cloud-based sales and marketing applications it provides to companies. That was one of the biggest disparities between the two surveys. While MarketBridge found 29 percent of its respondents used cloud-based CRM, less than 10 percent of the Virtacore Systems respondents said their companies did so. Forty-eight percent of the Virtacore Systems survey respondents, though, said they didn’t know if their company used any cloud apps.
The numbers on cloud usage actually weren’t that far apart. Some 60 percent of the Virtacore Systems respondents said their company didn’t use any cloud apps. Forty-four percent of the MarketBridge respondents said their companies had at least one app in the cloud.
More than 70 percent of MarketBridge’s respondents said their companies would use more cloud-based apps within 12 months. The migration question appeared less direct in the Virtacore Systems survey. Twenty-five percent of those respondents said they felt the cloud offered potential for their business, while 49 percent said they didn’t know. Only 26 percent said they didn’t think the cloud had potential for their business.
The two samples did seem to indicate a gap in how they felt about cloud security. Some 30 percent of the Virtacore Systems respondents named assuring security and compliance as the biggest hurdle to cloud adoption. (The only other answer that even came close was getting budgetary approval.) Security was also named as most important factor, cited by 31 percent of respondents, followed by total yearly cost (28 percent), ease of deployment (24 percent), compliance (10 percent), visibility and control (5 percent) and speed of deployment (3 percent).
In contrast, 48 percent of the MarketBridge respondents believe data security would be better on the cloud. Cloud providers have long played up this idea. When I interviewed Paul Turner, senior director of product marketing for NetSuite, about cloud-based ERP, he responded to my question about cloud misconceptions:
You also see concerns around security. When that objection comes up and you ask a company of 50 to 100 people how many people they have dedicated 24/7 to security, the answer is usually none. We provide a dedicated organization to keep the application secure. For example, one of the certifications we provide as a standard part of NetSuite is called PCI-DSS (PCI Data Security Standard) security, because we are handling cardholder information. That’s a security standard administered by the credit card companies. One customer needed PCI security for their internal systems and they looked at the cost to achieve that level of security for those systems and it was prohibitive. So it was advantageous to them to get that level of security as a standard part of our solution.
OK, but you’d expect a vendor to say that, right? Some cloud users back this up.
I wrote about a webinar featuring Shaklee CIO Ken Harris, during which he said security was "absolutely better" with the cloud solution than with Shaklee’s previous system. He suggested simply treating a cloud provider’s facility as your own and asking internal security experts to perform a review. It should be "no different than internal analysis," he said, which I thought was good advice. He also said that, because concerns are more top-of-mind when trusting data to an "outsider," CIOs are less likely to sweep security issues under the rug with cloud providers and assume "everything is OK" as is sometimes the case with internal security.