Cloud Services Adoption: Rates, Reasons & Security Fears

Concern over data breaches and privacy are two reasons enterprises in the European Union didn’t increase their use of cloud services in 2014, according to the EU’s recent Eurostat report.

“Heaven’s not beyond the clouds, it’s just beyond the fear.” – Garth Brooks

A lot of Europeans believe that the European Union is really an employment scheme for bureaucrats who want to live in Brussels — which is, admittedly, a nice place to live. But for those of us in the analyst business, the EU is one of our best sources of the data we need to advise people on their technology needs.

I firmly believe that cloud services are no longer optional. Any business, large or small, needs cloud services to both remain competitive as well as to get better control over its bottom line. So I eagerly looked forward to the release last month of the EU’s Eurostat report on “Cloud computing – statistics on the use by enterprises,” which was broken out by country.

It wasn’t really a surprise that Finland led the way, nor that Hungary, Bulgaria, Greece, Poland, Latvia, and Romania were the trailers among the 28 member states. What was surprising, though, was the low percentages of adoption. Finland, the leader, barely passed 50% when counting those enterprises that used at least some cloud services. Those listed above as “trailers” were all under 10%. And the seemingly “advanced” countries of France, Austria, and Germany barely reached above the trailers, coming in at 11 to 12%.

When broken out by sector, information and communication were, not surprisingly, the leaders at 45%, followed by professional, scientific, and technical activities at 27%. Enterprises reported that they relied on the cloud mainly for their email services (66%) and, in second place, for file storage (53%).

Those organizations already using cloud services viewed the fear of security breaches as the main reason they hadn’t increased their use. In light of the spectacular breaches (such as Sony’s) revealed recently, that’s not an unwarranted fear. Well, until you realize that it was datacenter — and not cloud — resources that were stolen in the Sony incident.

Another fear is the proliferation of data privacy issues among the various member countries of the EU. That, and the various spying revelations that have come from the Snowden incident, have made a number of enterprises wary of putting personal and privileged information into the cloud. It was hoped that a new EU Data Protection Regulation would clear up the privacy issues when it was promulgated this year, but there are now fears that serious differences remaining between the European Parliament and the 28 member states will push the regulation into 2016, further clouding (pun intended) the issue for commercial organizations.

But by far the biggest surprise, to me, in the Eurostat survey was the reason given by those enterprises that have yet to use any cloud services as to why that is so; for the 81% of European enterprises not using the cloud, the main stumbling block was insufficient knowledge of cloud computing! In fact, though, while there are many good reasons for adopting cloud services, there is little guidance for planning it. The first step is for companies to take a strategic approach to cloud migration rather than a tactical response to business unit demands.

Once the strategy is in place, a clear definition of the business objectives of cloud-based services can be developed, the attendant risks can be quantified, the necessary policies for operating in the cloud can be documented, and board-level direction of cloud adoption can occur. Then the pitfalls can be avoided.

You need to know that with cloud services, as with most things in your corporate life, ignorance can be fatal.

Dave Kearns is a senior analyst for Kuppinger-Cole, Europe’s leading analyst company for identity-focused information security and networking. His columns and books have provided a thorough grounding in the basic philosophies of directory technology, networking, and identity management to a generation of technologists.

[DarkReading]