According to a study released today by Scalar Decisions Inc., Canada’s leading information technology solutions provider, an overwhelming three quarters (77%) of Canadian organizations feel they are not doing enough to address cloud security on both the IT and business sides. The study, conducted with senior-level IT practitioners from across Canada, found a shortfall in the implementation of several key security items that underpin cloud security: responding organizations identified that they have yet to implement security items such as data classification and accountability (54%), client and end-point protection (57%), identity and access management (48%) or application-level controls (59%).
According to the study, cloud-based delivery is becoming mainstream as approximately 60 per cent of Canadian organizations have adopted cloud as an IT delivery model – yet almost half (48%) have no formal cloud security policy in place. Across all levels of expertise – from experienced cloud users understanding the complexities of cloud transformation, to novice users – security was cited by 75 per cent of respondents as the number one ongoing post-adoption issue to be addressed.
“The high adoption of cloud-based delivery tells us that security is not a barrier to cloud, but is still something that needs to be addressed in a vast number of businesses,” said Neil Bunn, Chief Technology Officer, Scalar Decisions. “Utilization and understanding of the cloud is low. Security remains the number one expressed concern across all levels of cloud experience, yet there is an evident disconnect between organizations’ worries regarding cloud security and the actions being taken to mitigate the existing risks.”
Growth of workloads transitioning to the public cloud is not slowing down. The research, commissioned by Scalar and independently conducted by IDC Canada, found Canadian organizations anticipate that over the next 12 to 36 months the percentage of workloads hosted in the public cloud will increase significantly: respondents expect their cloud-based workloads to increase from 31 per cent to 35 per cent in 12 months, and to 41 per cent in 36 months. Similarly, surveyed IT decision makers anticipate significant increases in the percentage of their IT budgets allocated to the public cloud. On average, respondents estimate their IT budget to increase from 20 per cent to 25 per cent in 12 months, and to 29 per cent in 36 months.
The research also examined users’ experience with the cloud in relation to their level of sophistication. Experienced users, representing one-in-five respondents (19%), were found to have significantly stronger planning, assessment and design foundation than novice users. On average, 86 per cent of experienced cloud users have formally documented processes, in comparison to only 42 per cent of novice users. Individuals with cloud experience were also found to understand the complexity of cloud transformation, and are more likely to recognize the need for specialized experience. Among the experienced respondents surveyed, nearly all (95%) indicated that cloud security is an expertise or skillset where external partners can provide value. Notably, all (100%) IT departments at experienced users surveyed have a formal roadmap for moving other workloads to the cloud.
“Cloud benefits and business value become progressively more sophisticated as organizations’ experience with the cloud increases,” added Bunn. “Viewing cloud security and cloud adoption as non-severable concepts, coupled with investing in a continuous optimization approach in line with the Cloud Experience Model are key factors to achieve success in a rapidly changing marketplace of cloud based services and capabilities.”