New research from McAfee has revealed 40% of large UK businesses expect to be cloud-only by 2021. In fact, the study reveals that a small proportion (5%) of trailblazer organisations have already reached cloud-only status in the UK.
The research aimed to understand the future of cloud for large organisations – outlining the extent to which businesses are shifting to cloud, whether they aim to become cloud-first or even cloud-only, when they expect to achieve these milestones and the drivers as well as barriers to these planned pivotal changes to their cloud strategies. By surveying 1310 senior IT staff and 755 employees in large businesses with over 250 employees across the UK, France and Germany, this study paints a picture of how much further large businesses plan to take their reliance on cloud in the coming years and highlights potential security challenges facing businesses aiming for either cloud-only or cloud-first status as they shift their sensitive data to the cloud.
The race to cloud-only: accelerate ahead or drop behind
In the UK, the majority (86%) of senior IT staff believe their business is cloud-first today – a similar proportion to France (90%) and Germany (92%). Yet large organisations are looking to further increase their reliance on cloud: 93% of large organisations across the three countries plan to move still more sensitive data to the cloud in the coming years.
In fact, seven in ten (70%) UK businesses expect to be cloud-only in future – compared to 75% in France and 86% in Germany. Many expect to reach this milestone in the next 2-3 years. Two-fifths of businesses in the UK (40%) and France (42%) expect to be cloud-only by 2021, with two-thirds (68%) expecting to see this progress in Germany.
Despite this increasing reliance on cloud, the research uncovers a gap between the UK businesses aiming for cloud-only status and a minority which do not predict such progress: 14% of large UK companies cannot yet describe themselves as cloud-first today. Of the senior IT staff in the UK who do not think their business is cloud-first now, more than 1 in 10 (12%) don’t believe this will happen for at least another five years while a further 12% do not think their business will ever become cloud-first due to a lack of business appetite to do so.
“Non-cloud computing is a thing of the past,” said Nigel Hawthorn, director, EMEA cloud security business, McAfee. “Whether businesses are close to cloud-only status or still shifting towards a cloud-first approach, the age of cloud is already here. While this heralds major leaps in enterprise innovation, agility and productivity, it could also lead to serious security lapses if not handled correctly. By deploying technology which offers comprehensive visibility and control over data in the cloud while protecting services from threats, organisations can rest assured their transition to the cloud – no matter what stage they have reached – will accelerate the business without risking data loss through unsafe cloud use. When managed correctly, cloud is the most secure place to do business.”
What’s driving widespread cloud adoption?
UK businesses are recognising a wide variety of benefits through cloud adoption. The majority (88%) of senior IT staff in the UK confirm that moving to the cloud as a business has increased productivity amongst end users in their organisation while 84% state it has improved their company’s data security. Other benefits highlighted by the research include: increased innovation in the business (84%), enabling the company to offer employees more varied services (85%) and enabling staff to be more efficient in their day-to-day job role (84%). Furthermore, three quarters (75%) of senior UK IT staff feel that moving to the cloud as an organisation had made their jobs more fulfilling.
Within businesses operating with a cloud-first strategy today, almost two-thirds of senior IT staff believe it has already increased innovation (61%) and strengthened security (61%). Almost half (47%) also think the cloud-first strategy in place enables cost-cutting.
Concerns around cloud security
On average, UK respondents claim 45% of business-critical or sensitive data is currently in the cloud – compared to 43% in France and 57% in Germany. While there is clearly appetite to reap the rewards of cloud adoption, security concerns are holding businesses back. Across the three countries, almost a quarter (22%) of senior IT staff do not
think their business will ever be cloud-only, selecting “security fears” (55%), “data access concerns” (40%) and “compliance concerns” (31%) as three key factors.
In addition to these security concerns, the poll uncovered widespread uncertainty around who is ultimately responsible for ensuring data in the cloud is secure. In the UK, some believe the responsibility lies with C-suite roles: CEO (14%), CIO (19%) or the CISO (5%). On the other hand, over one-third (34%) feel the IT manager is ultimately responsible for this data.
Raj Samani, chief scientist and McAfee fellow, stated: “Data and applications have shifted to the cloud – and where they go, cybercriminals will try to follow. We’re now in a new era of cloud-native data breaches. As we shift towards a cloud-only or cloud-first business environment, organisations must adapt their security technology and processes to close the gap between cloud adoption and secure enablement in the enterprise. Businesses will need to adopt cloud-native security tools that are purpose-built for cloud security. If not, they run the risk of becoming an easy target for cybercriminals.”
IT vs. employee divide
Despite organisations’ increasing reliance on cloud, shadow IT continues to be a threat. Almost one-fifth (19%) of the surveyed employees who use cloud-based apps admit they use apps which have not been approved by IT – with a further 5% uncertain on which apps had or had not been sanctioned by the IT department. Conversely, one-fifth (21%) of senior IT staff believe less than 5% of their end users are using cloud services which have not been approved by IT.
Hawthorn concludes: “The key to security in a cloud-first environment is knowing where and how data is being used, shared and stored by employees, contractors and other third parties. When sensitive corporate data is under the IT team’s control – whether in collaboration tools or SaaS and IaaS applications – organisations can ensure the right policies and safeguards are in place to protect data from device to cloud, detect malicious activity and correct any threats quickly as soon as they arise.”