Beneath the cloud
Catalin Cosoi explores the reasons that many SMBs in the UK are failing to embrace cloud
It is universally accepted within the security industry that the cloud brings with it some sizeable business benefits - yet it appears that, for many SMBs in the UK, the decision on whether to embrace the cloud has been postponed amid concerns and a lack of understanding regarding the technologies involved.
The fact that the UK is lagging behind in its adoption of cloud is widely accepted. A report commissioned by Cordys has reinforced this notion further, highlighting that smaller companies in the UK are falling behind not just in terms of cloud but in all areas of IT, with adoption rates of new IT among mid-sized businesses in the UK approximately 18 per cent lower than in large enterprises.
A big driver behind cloud adoption - explaining why a company would go through all the bother of worrying about security, disaster recovery and all these aspects of using the cloud - is cost savings, followed by flexibility. SMBs will quite rightly worry that the economies of scale the cloud promises to bring might fail to materialise for smaller-scale businesses, and this is a valid cause for concern.
While cloud can be cheaper than existing IT systems, this will not always prove to be the case, and businesses must look at the bigger picture in order to make an informed decision.
Another key concern for UK SMBs with regards to cloud adoption is questions surrounding data and security. In our experience, the biggest, thorniest and least understood question about cloud security is who is responsible.
When it comes to adopting cloud, we're talking primarily about the public cloud. The move to creating private or internal clouds is a separate question, and more a continuation in cloud adoption. However, using public cloud requires taking a bit of a leap and asking where the data resides and how you should protect it.
Using a public cloud service comes with its own security risks, not all of which are typically covered by cloud service agreements. The ultimate responsibility for safeguarding data remains with its owner, not with those whose job it is to store and process it. I would encourage all SMBs not to put all their eggs into one basket here, and to ensure that data in the cloud is also securely backed up.
A good single comprehensive security technology can provide the same, or even a better, level of security for deployed virtual machines as legacy solutions, while avoiding a lot of the expense of time, money and computing power. In other words, it adds value from the start. Of course, there are other aspects to public cloud migration, such as ensuring the security of client data in transit and in storage.
What cloud security covers today is the key security concerns - looking for malware, ensuring that systems have not been compromised and that there is nothing on there that could be leaking data.
In order to make a rational decision about whether the cloud is right for any particular SMB customer, it is important to be educated about the risks of cloud computing. Yet it is hard to say if businesses are educable in any meaningful sense.
At this time, there is a significant deficit of cloud security expertise but certainly - as cloud adoption increases and the market stabilises - the available body of knowledge will also expand. On the other hand, products and services that fail to deliver will naturally fall by the wayside, so the quality of available products should improve for businesses too as the technology matures.
My number-one tip is for organisations to avoid using cloud or considering cloud purely for the sake of it - they first and foremost must understand what their objectives are. Business customers must understand what their primary goals are - whether it involves flexibility in delivering service to their customers or employees, cost savings, security or another driver.
A clear view of this will, in turn, tell them what to look for, and whether cloud adoption really is the solution for which they have been searching.
Catalin Cosoi is chief security strategist at Bitdefender and managing director of SC Cognibear