Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

1/12/2015
10:30 AM
Dave Kearns
Dave Kearns
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

Cloud Services Adoption: Rates, Reasons & Security Fears

Concern over data breaches and privacy are two reasons enterprises in the European Union didn't increase their use of cloud services in 2014, according to the EU's recent Eurostat report.

"Heaven's not beyond the clouds, it's just beyond the fear." – Garth Brooks

A lot of Europeans believe that the European Union is really an employment scheme for bureaucrats who want to live in Brussels -- which is, admittedly, a nice place to live. But for those of us in the analyst business, the EU is one of our best sources of the data we need to advise people on their technology needs.

I firmly believe that cloud services are no longer optional. Any business, large or small, needs cloud services to both remain competitive as well as to get better control over its bottom line. So I eagerly looked forward to the release last month of the EU’s Eurostat report on “Cloud computing - statistics on the use by enterprises,” which was broken out by country.

It wasn’t really a surprise that Finland led the way, nor that Hungary, Bulgaria, Greece, Poland, Latvia, and Romania were the trailers among the 28 member states. What was surprising, though, was the low percentages of adoption. Finland, the leader, barely passed 50% when counting those enterprises that used at least some cloud services. Those listed above as “trailers” were all under 10%. And the seemingly “advanced” countries of France, Austria, and Germany barely reached above the trailers, coming in at 11 to 12%.

When broken out by sector, information and communication were, not surprisingly, the leaders at 45%, followed by professional, scientific, and technical activities at 27%. Enterprises reported that they relied on the cloud mainly for their email services (66%) and, in second place, for file storage (53%).

Those organizations already using cloud services viewed the fear of security breaches as the main reason they hadn’t increased their use. In light of the spectacular breaches (such as Sony's) revealed recently, that’s not an unwarranted fear. Well, until you realize that it was datacenter -- and not cloud -- resources that were stolen in the Sony incident.

Another fear is the proliferation of data privacy issues among the various member countries of the EU. That, and the various spying revelations that have come from the Snowden incident, have made a number of enterprises wary of putting personal and privileged information into the cloud. It was hoped that a new EU Data Protection Regulation would clear up the privacy issues when it was promulgated this year, but there are now fears that serious differences remaining between the European Parliament and the 28 member states will push the regulation into 2016, further clouding (pun intended) the issue for commercial organizations.

But by far the biggest surprise, to me, in the Eurostat survey was the reason given by those enterprises that have yet to use any cloud services as to why that is so; for the 81% of European enterprises not using the cloud, the main stumbling block was insufficient knowledge of cloud computing! In fact, though, while there are many good reasons for adopting cloud services, there is little guidance for planning it. The first step is for companies to take a strategic approach to cloud migration rather than a tactical response to business unit demands.

Once the strategy is in place, a clear definition of the business objectives of cloud-based services can be developed, the attendant risks can be quantified, the necessary policies for operating in the cloud can be documented, and board-level direction of cloud adoption can occur. Then the pitfalls can be avoided.

You need to know that with cloud services, as with most things in your corporate life, ignorance can be fatal.

Dave Kearns is a senior analyst for Kuppinger-Cole, Europe's leading analyst company for identity-focused information security and networking. His columns and books have provided a thorough grounding in the basic philosophies of directory technology, networking, and identity ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
1/13/2015 | 1:09:18 PM
Re: Decision to use cloud is often bottom up, not top down
Was there any indication if the  EU is using things like DaaS or VDI? Would be interesting to see how it compares to what's going on here in the U.S. 

--KB 
Karen J. Bannan, commenting on behalf of IDG and VMware.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
1/12/2015 | 3:50:09 PM
Decision to use cloud is often bottom up, not top down
Sound advice from Dave Kearns: "The first step is for companies to take a strategic approach to cloud migration rather than a tactical response to business unit demands." And that's precisely why enterprise cloud usage is lagging in France, Austria and Germany at 11-12%. Amazon got off the ground, not when enterprises made a strategic decision to use it, but when developers decided it was a faster way to move forward and marketing decided not to wait for IT to buy more servers. Linux, remember, came in the back door, not the front.   
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/12/2015 | 12:35:17 PM
Does breakdown include US-based cloud companies
Good article, Dave. Wondering if the data breaks down the adoption rates by company origin? Specifically I'm curious about whether U.S.-based cloud companies are losing ground in Europe because the data has been judged (thus far) to be still within reach of US search warrants. Also, do you see any change if Microsoft prevails in its suit go protect data stored in the European cloud...
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5524
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
CVE-2020-5525
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
CVE-2020-5533
PUBLISHED: 2020-02-21
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5534
PUBLISHED: 2020-02-21
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2014-7914
PUBLISHED: 2020-02-21
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.