UK organisations are proving more risk averse towards adopting cloud computing than their peers across the globe. While this isn't necessarily a bad thing, it is interesting to understand why.
Intel Security have launched their second annual cloud security report. It shows that UK IT teams remain risk-averse when it comes to cloud adoption. Only 7% of UK businesses use the public cloud to store sensitive data, compared to the global average of 25%. This reluctance is in part due to the growing skills shortage.
A sensible stance perhaps, except that this reluctance to adopt the cloud is leading to the adoption of risky shadow IT where individual employees set up unofficial personal accounts with cloud service providers. As a result, the UK has a significant shadow IT problem: 74% of UK businesses claim their organisation has public cloud services in use that have been commissioned by departments other than the IT department compared with the global average of 66%. Does this matter? Well, IT professionals think so: two thirds of them believe that unofficial cloud services are creating a major cyber security problem.
And cloud use is growing - and changing. Perhaps it is only to be expected that 93% of organisations are using cloud services. And the fact that spend on cloud services is expected to reach 80% of IT budgets within a year or so only serves to confirm the pace at which organisations are taking equipment and software out of their offices ad placing it on the internet. But the move from private to hybrid cloud is surprising - in 2105 some 51% of organisations were using private cloud but a year later 58% were using hybrid cloud with at least some information stored on public services.
That either indicates budget pressures or perhaps more likely increasing confidence in the ability of cloud providers (especially the big players) to deliver secure, efficient and robust services. In fact, according to the report, those who trust public clouds now outnumber those who distrust public clouds by more than 2:1.
Of course cloud computing is here to stay. But as it evolves it is clear than businesses need to take greater control of the migration of data and services to the cloud by managing unofficial cloud use by employees outside IT. Without this effort it is inevitable that data breaches attributed to cloud use will occur. And the result of that could be businesses turning away from public cloud use - and as a result incurring greater risks and greater costs.
Jeremy Swinfen Green MA MBA is Head of Consulting at teiss. He has spent over 25 years advising organisations about digital technology and “human factors”, how people interact with technology. He has degrees from the University of Oxford and City University. He is the author of: "Cyber security: an introduction for non-technical managers" (Gower, 2015); "The weakest link" Bloomsbury, 2016) and "Digital Governance" (Routledge, 2020).