Cloud computing is increasingly being adopted by companies around the world, but IT managers say "rogue cloud implementations" in which business managers sign up for services without getting IT approval is among their biggest challenges.
This is according to a survey on avoiding hidden cloud costs that was sponsored by Symantec with interviews and polling done by ReRez, in which some 94% of the 3,236 information-technology managers in 29 countries said their companies either already were using cloud services or discussing how to do so.
Cybercrime attacks on business accounts are dropping
"Rogue clouds" occur if sales and marketing people, for example, order up Salesforce.com without bothering to consult IT or set up Dropbox with outside vendors to share sensitive information. It's happening to three-quarters of those using cloud, according to the survey, and it occurs more in large enterprises (83%) than in small to midsize ones (70%).
"So why are organizations doing it? One in five don't realize they shouldn't," the report says about the "rogue cloud" problem. The report adds they think they're saving money through "rogue cloud" projects and believe "going through IT would make the process more difficult."
On top of having to deal with rogue clouds, 43% of IT managers relying on cloud-based services said they had "lost data in the cloud," meaning they either couldn't find it or had accidentally deleted it, said Dave Elliott, cloud strategist and director of global cloud marketing at Symantec.
This means they had to recover it from a backup, but two-thirds doing this saw recovery operations fail at some point. Of the recovery procedures IT managers had in place, 32% said they found cloud data recovery to be "fast" but 22% said it "can take 3 or more days."
Some 61% making use of backup procedures for the cloud use three or more methods to do this, which Elliott said might be too many. One place where inefficient processes clearly seem to be occurring is in cloud storage, which is quick to deploy and you pay only for what you use. In the survey, the more than 3,000 IT managers, who work in organizations both large and small in North America, Latin America, Asia-Pacific and Europe, acknowledged they saw utilization rates of cloud storage at just 17%.
"There is a tremendous difference in this area between enterprises (which are utilizing 26% of their storage) and SMBs (which use a shockingly low 7%). This is a costly mistake, as organizations are paying for roughly six times as much storage as they actually need," the survey report states.
"They're overprovisioning cloud storage," said Elliott. Another facet of the cloud storage issue is that much of the time no deduplication of data is done. About half said they either did "virtually none" or a "small amount." This indicates there's still the need for thinking through cloud-storage processes to optimize the benefits, said Elliott, saying Symantec recommends deduplicating data in the cloud.
Other points of concern revolve around legal issues, such as requests for electronically stored documents that are demanded for what's known as "e-discovery" purposes in court or otherwise. The survey shows that 34% have had e-discovery requests for cloud data in the past 12 months, but of these, 66% admitted they had missed the deadline at some point and 41% said they were simply unable to do it at all and never found the requested information. This could potentially lead to fines or otherwise complicate legal situations for their organizations.
Another issue the survey asked about, managing cloud-based SSL certificates, revealed a mixed bag of activity. About a quarter of the IT managers said they thought it was "easy," but 8% "don't even try." Elliott said he doesn't know if that suggests that some companies simply are better organized to manage SSL certificates overall in the enterprise or the cloud. However, "organizations are responsible for managing their own certificates," he said.
In its recommendations for better use of cloud, Symantec said the first thing is focusing on policies and the individuals who all have a stake to make it work, rather than merely the technologies and platforms.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.