Why Some SMBs Still Fear The Cloud

Around one-third of small to midsize businesses (SMBs) around the world that have moved their computing and security operations to the cloud worry less about attack threats and compliance, and say their businesses are more secure now than when they handled security in-house, according to new data gathered by Microsoft.

But that doesn't mean SMBs are widely embracing the cloud. Around 40 percent of SMBs that have held back from outsourcing their IT and security operations to cloud service providers have done so due to worries about security and lack of transparency by cloud providers on how they implement security, according to new data released today from a blind survey of U.S. SMBs conducted by comScore and commissioned by Microsoft. ComScore surveyed companies in the U.S., Singapore, Malaysia, India and Hong Kong, with 100 to 250 PCs.

Nearly 70 percent of SMBs that haven't gone to the cloud say cloud security standards would help allay their concerns about security in the cloud, and 38 percent want more transparency from cloud providers. Nearly 35 percent aren't going to the cloud because they're concerned it will be costly to make the move from in-house to the cloud.

Tim Rains, director of Microsoft's Trustworthy Computing program, says the shocker to him was how much SMBs who employ the cloud say they saved on security spending. "The thing that surprised me most was the money savings of SMBs who use the cloud. They are six times more likely to have decreased the total amount they spent on security: That's a large number," Rains says.

SMBs that have gone to the cloud spend an average of 32 percent less time on managing security, and 52 percent say the cloud allowed them to add new products or services more rapidly and securely. Some 35 percent of the cloud adopters say they are more secure now, and 32 percent say they now worry less about attack threats.

"The perception is that security is a barrier to cloud adoption. But when we talk to customers -- and this [new] research backs it up -- the companies that embraced the cloud are already finding the benefits outweighing the previous concerns," Rains says. "A lot of customers are still timid because they have security concerns top of mind."

[ A registry offered by the Cloud Security Alliance allows customers to compare the security measures of participating service providers. See Vetting The Security Of Cloud Service Providers. ]

Ryan Brock, vice president of worldwide SMB cloud and channels for Access Markets International Partners, says the cloud provides SMBs with the expertise and resources they don't and likely can't have. "This translates into cost and time savings and better protection against cyberthreats, which gives them the freedom to innovate and grow their business," he said.

One SMB that is also a Microsoft InTune security-as-a-service customer says his firm was an early adopter of cloud technology, starting first with its IT infrastructure. "We started right away moving everything to the cloud with this start-up -- our own products, infrastructure," etc., says Thomas Castleberry, executive vice president and chief operating officer for SkyWire Media. Security was becoming overwhelming, with multiple software updates, antivirus, and anti-spyware tools and operations to conduct, he says.

So SkyWire outsourced its security operations to Microsoft's InTune service. "It was a hub for us to do all those things in one place," Castleberry says. The company saved more than $90,000 in IT costs -- around $15,000 per month, he says.

"We gained those numbers by reducing expenses, retiring hardware, and not deploying disparate software systems and having per-server client licenses," he says.

While cloud was a no-brainer for Castleberry and his company, that's not the case for all SMBs. Castleberry says that, in some cases, it's a cultural thing. "Those with an IT background and those that have grown up through the [IT] ranks have a tendency to server-hub: They want to feel it and touch it and be the guy who makes sure the power's turned on," Castleberry says. "But life just doesn't have to be that complicated. You don't have to physically see a server to know there's a group out there than can manage uptime better than you."

But not all cloud offerings are created equal, notes Pedro Bustamante, senior research advisor in the office of the CTO at Panda Security. Bustamante says his firm agrees with the SMB survey conclusions, but he adds that the key is having security protection that includes behavioral analysis, blocking engines, and IDS, for example, in addition to antivirus. "While the cloud offerings bring new benefits to the table, the protection offered by the solution should not be overlooked," Bustamante says.

Perception versus experience The SMB survey data seems to reflect a discrepancy between some SMBs' perceptions of cloud security versus others' actual experiences with it, according to Microsoft's Rains.

"This [survey] clearly shows that SMBs that use cloud spend less time managing security, less money managing it, and achieve higher levels of security than SMBs that do not use the cloud. Anecdotally, a lot of people will read this and say that this makes a lot of sense: spending less time managing security because it's offloaded to cloud providers, so you save money," he says.

"Security concerns are holding some of them back, but then you see the benefits are real, and [some] change their former perceptions," Rains says.

The Microsoft SMB cloud survey summary is available here for download (PDF).

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.