Comparing cloud use in the U.S. and Europe

Thursday - 8/5/2010, 12:23pm EDT

Larry Ponemon and Lena Leverti

Click to hear the interview

Download mp3

Who’s using cloud more — the U.S. or Europe? What are the biggest concerns when it comes to security on both sides of the Atlantic? Should you be developing a cloud strategy now, or should you wait until next year?

These are some of the questions that the Ponemon Institute and CA Technologies posed in a recent survey of IT professionals.

Today we talk with Larry Ponemon, chairman and founder of the Ponemon Institute, and Lena Leverti, vice president of products at CA Technologies, who explain their results for us.

LP: In our experience, there are a whole bunch of interesting security topics, but what seems to rise to the top of the security heap in terms of risk and potential problems is, in fact, the cloud computing environment, which is very quickly becoming the standard for organizations — not just small and medium sized companies — but much, much larger companies, as well.

LL: One of the key things is that, as companies start adopting cloud, they’re basically giving up some of the control that they have. When they technology is within their own organization, they control it directly, so one of the biggest hurdles that’s viewed around cloud adoption is definitely security.

FCB: Who did you survey and why did you pick that group or groups?

LP: Well, the appropriate groups for this study are folks in the IT community and, more specifically, people who know something about information security. When you do a study like this, you quickly find that people wear many hats, and so many of the respondents were IT practitioners, but every respondent at least touched some aspect of information security, including network security systems, and a whole bunch of other related areas of expertise. This study is not just the U.S. only; [it] was also conducted in tandem with a group of practitioners in Europe, as well. I think that actually generated some interesting differences between the two groups.

LL: There were about 600 folks that responded to the survey.

FCB: What were some of the key findings?

LP: Probably one of the most interesting and important findings is that the respondents — these IT practitioners in both the U.S. and Europe — basically don’t have confidence that their organization has the ability to secure data and applications that are presently deployed to the cloud. So, they basically see some very significant security risks that exist today and maybe loom large on the horizon. We also found that IT practitioners in the U.S. and Europe hold relatively similar views on the reasons why cloud computing is so fashionable and so popular and so important, because it’s really about cost savings, and it’s also about speed to deploying new applications. So, even though we may say, ‘gosh, there’s a huge security risk,’ the reality is that cost and speed to deployment are probably much more important to end users.

LL: And one of the biggest challenges that came out in the survey results was that half of the respondents basically said that they’re not aware of all of the computing resources deployed via the cloud in their organization today. So, if you’re not aware of it, you really can’t secure it.

FCB: One of the things that I noticed first and foremost is the fact that you define cloud computing. When you were talking to people in the U.S. and Europe, did you notice that there was maybe a difference in the definition of cloud computing?

LP: We expected that there would be differences, and, in fact, the perception of cloud computing and what a cloud computing environment is was pretty consistent — more consistent than our . . . expectation. But I will say that, in both the U.S. and Europe, there’s confusion about private clouds and what these really mean. Is a private cloud a more secure version of a public cloud? Or, is it just simply on-premise computing where you’re using extensive virtualization? So, if there is any confusion in the marketplace, it’s probably around the private cloud environment. But, public clouds are generally well understood and the definitions are generally agreed upon.

FCB: Speaking of differences across the pond, did you find any differences between who’s using cloud in the U.S. versus who’s using cloud in Europe, especially in terms of government entities?

LL: We did. Some of the [respondents] are, in fact from the public sector and public organizations, and it is clear that public sector organizations are using cloud computing resources, perhaps not to the same extent as commercial organizations, but definitely the trend is that the government is, in fact, a very large — and potentially larger — user of cloud computing resources, because obviously it’s about cost, and governments . . . are trying to control them. One way to do that is to make sure that [they are] using the most efficient technology. But, it does create that security risk. We did see some differences in the rates of deployment between the U.S. and Europe and, in fact, the rates of deployment in the U.S. are higher than Europe, generally speaking. That’s not just for software-as-a-service, but it’s also for platform services and infrastructure services.