Organisations across almost all sectors are warming up to the cloud, but that wasn’t always the case. In the not too distant past, security represented one of the biggest barriers to cloud adoption. For many organisations – both regulated and unregulated – the risks outweighed the benefits.
The public cloud, once written off as a security Pandora’s Box, is now increasingly perceived as an undeniable business enabler that enhances productivity, efficiency, and ultimately ROI. This shift of opinion is evident across all verticals and market segments. According to our annual Cloud Adoption Report, public cloud adoption has doubled in unregulated industries; the percent of organisations relying on some type of cloud app has jumped from 26 per cent to 50 per cent.
Perhaps more surprisingly, cloud adoption in regulated industries has nearly trebled, up from 15 per cent in 2014 to 39 per cent today. These organisations have aggressively embraced the cloud over the last two years, a dramatic shift.
What is driving this radical turnaround in just about every major industry? It turns out, a lot. For one, it’s hard to ignore cost-effective tools that are easy to deploy and use, that maximise productivity and that enable employee mobility. What’s more, global cloud app vendors such as Microsoft have made it very easy to use the cloud, building out new features exclusively for cloud apps and aggressively pushing migration from on-premises architecture.
Overall, cloud security has become less of a worry for both regulated and unregulated industries, in part due to the proliferation of Cloud Access Security Brokers (CASBs) and other dedicated cloud-security companies that have resolved security and compliance concerns. This, in turn, has enabled regulated industries to start catching up to unregulated industries, adopting cloud solutions more rapidly as providers have increasingly addressed their security woes.
Here’s a breakdown of cloud adoption by vertical and a look at some of the driving forces behind this phenomenon:
The education market has been quicker to migrate to the cloud than any other vertical; 83 per cent of such organisations have already deployed cloud solutions. There are several reasons for this rapid uptick. For one, both Google and Microsoft offer cloud suites free of charge to education customers. Also, like other industries, education has increasingly required easy, fast, and affordable collaboration tools, but it faces few enforceable security and compliance restrictions, despite the proliferation of sensitive research data and student personally identifiable information (PII).
Even with the rapid proliferation of cloud apps, the education vertical has fallen short on effectively implementing security policies; this issue is part of a broader struggle in education to receive adequate funding and IT training. At the same time, cloud infrastructure has become more available and affordable for education institutions, creating an ever-widening gap between cloud adoption and cloud security.
Surprisingly, the healthcare industry – a market that historically has been slow to leverage new technology due to rigorous compliance regulations governing patient data – has become more aggressive about cloud adoption. In 2015, adoption went up a massive 37 percent from just eight per cent the previous year.
However, healthcare still lags behind many other industries for many reasons. In particular, HIPAA compliance remains a significant obstacle to aggressive cloud projects in hospitals and their affiliates. Under HIPAA, providers are required to secure all protected health information, which becomes a greater and more persistent challenge as employees continue to bring smartphones, tablets and other connected devices onto the corporate network. The mobile nature of the healthcare workforce, and an insistence on BYOD, means a possible proliferation of cloud-based patient data synchronising to unmanaged mobile devices. This challenge means that many healthcare organisations balk at taking risks that could result in steep financial penalties.
Government verticals are a bit of an outlier – despite numerous industry regulations, cloud adoption rates remain relatively high across government agencies. More than half (53 per cent) of government organisations with more than 1,000 employees have adopted public cloud apps. In addition, 47 per cent of state and local government organisations have adopted public cloud productivity suites. Of all government agencies, 27 per cent rely on Office 365 while 19 per cent use Google Apps.
Among the driving forces behind this growth is the need for collaboration tools. Because government agencies often lack the budget for high-end, premises-based enterprise tools, cloud applications offer an affordable way to collaborate.
While cloud adoption in the financial services sector has not happened at quite the pace of other industry verticals, it has experienced strong and steady growth, rising to 37 per cent in 2015. However, as in the healthcare market, cloud adoption is often thwarted by myriad security requirements and compliance regulations, which in recent years have become more stringent and punitive.
As with healthcare and other highly regulated industries, financial services organisations are embracing public cloud apps as security solutions emerge. Dedicated cloud security vendors, such as Cloud Access Security Brokers, increasingly meet the rigorous compliance demands and ease the security woes of these organisations, enabling them to confidently face mandatory audits.
The role of Cloud Access Security Brokers
According to Gartner’s Market Guide for Cloud Access Security Brokers, 'By 2020, 85% of large enterprises will use a cloud access security broker product for their cloud services, which is up from fewer than 5% today.'
That is significant. And it has become increasingly clear that this trajectory will continue up and to the right, thanks in part to accelerating demand and the need for cloud apps. At least 30 per cent of businesses in all industries have adopted some kind of cloud app, bringing total cloud adoption up to 48 per cent across all verticals. The reasons for this are obvious – cloud apps are easy to deploy, cost effective, and more flexible than many on-premises software and hardware solutions.
But security challenges still persist. While major public-cloud vendors invest heavily in the security of their applications and their infrastructure, they typically offer few tools to govern data usage and access, which means there are a host of unsolved security and compliance issues. CASBs fill those widening gaps, providing critical security functions that include access controls, data leakage prevention, cloud encryption, mobile data protection, identity, and visibility, mandatory in regulated industries and useful to all organisations. And in highly sensitive verticals such as healthcare, CASBs help meet several of HIPAA’s technical security requirements, such as access, audit, integrity, and data transmission.
The net-net is that these security functions pave the way for increasing adoption of the cloud because they allow organisations to innovate and stay competitive by leveraging all the cloud has to offer.
Rich Campagna, vice president of products at Bitglass