Has Cloud Adoption Plateaued?

By Author: Tomas Cohen
Total Articles: 16
Comment this article

Statisticians are always interested when they see data that diverges from a general pattern. This is exactly what happened when we dug into the latest cloud usage data from Q2 in the recent Cloud Adoption and Risk Report (CARR).

To this point, we had seen rapid growth in the adoption of cloud services. In Q3, 2013 the average enterprise used 545 cloud services. In Q4 of that year, the number had grown to 626, and by Q1, 2014 the average enterprise was using 759 cloud services. That averages out to a quarterly compounded growth rate of 18%.

Anomaly or the beginning of a trend?

Over the last quarter, the average number of Cloud Security services used in the enterprise, actually decreased slightly from 759 to 738. With only one divergent data point it’s impossible to tell I this is an anomaly or the beginning of a trend (we’ll certainly be revisiting this next quarter to draw some conclusions here). The immediate question is – why did this happen?

3 reasons for the flatenning

We are in the early innings of the movement to ...
... the cloud, so it is unlikely that this flattening is due to decreased supply or demand of cloud services. Instead, this flattening is likely the result of 3 factors:

1. We are seeing IT making a concerted effort to educate employees on the perils of high-risk cloud services in an attempt to divert usage to low-risk services

2. Many organizations are beginning to consolidate services in a particular category to not only lower cost and risk, but also to increase collaboration and productivity

3. Due to increased awareness about cloud risks, employees are using more care when dealing with corporate data.

Flattening likely a good thing

From our perspective, this flattening, due to shift to using low-risk services and consolidation of services in a category, is a good thing. Why?

The data shows that the majority of the 3,861 services found in use overall lack basic security features, putting organizations at risk.

In fact, only 9% of services used were Skyhigh Enterprise-Ready™, meaning that they fully satisfied the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection based on detailed, 50-point evaluation criteria developed in conjunction with the Cloud Security Alliance (CSA). Only 11% encrypt data at risk, only 16% provide multi-factor authentication, and only 4% are ISO 27001 certified.

Author:
Tomas Cohen is a security enthusiast and analyst covering the most significant security topics and trends prevalent worldwide. He also involves in the technology related to Cloud Security, Data Loss Prevention, Cloud Service Broker etc.,