There was a time few enterprises would have expected to have their mission-critical applications running in the cloud, but that seems to be changing. Recent research released by SailPoint indicates that one in three enterprise mission-critical apps are currently in the cloud. Perhaps even more surprising is SailPoint expects that ratio to jump up to one in two by 2015.
SailPoint interviewed 200 business leaders responsible for various key business departments and 200 IT decision-makers at businesses with at least 5,000 employees for its 2012 SailPoint Market Pulse Survey.
According to SailPoint, as enterprises continue to adopt the cloud, they are becoming increasingly at risk. Part of this is because even though business users have gained more autonomy to deploy cloud applications without IT involvement (an issue IT departments everywhere struggle with), those same users don't feel responsible for managing access control. Most (70 percent) of business leaders believe that access control is still ultimately responsible for managing user access to cloud applications -- apparently even if they have little say or control over the services being used. Can you hear that sound? It's the sound of a million IT pros facepalming at the same time.
Of course, the ridiculousness of the idea doesn't do anything to change the fact that it's a constant problem IT departments, whether internal or outsourced, are facing on a daily basis. But wait, it gets worse. Of the business leaders surveyed, 14 percent admitted they have no way of knowing if sensitive data is being stored in the cloud at all.
Although many cloud vendors tout the security capabilities of cloud and the fact that many cloud platforms are actually more secure than traditional on-premise IT, human error can still create a mess.
SailPoint's interview questions for the report seem to be based mostly around perception, so what is actually taking place could be a little off. Still, there is some real evidence that mission-critical apps are being pushed more and more to the cloud -- even by SME and large enterprises. Oracle, SAP and other big ERP application vendors seem to be gaining momentum in the cloud, and they have managed to sell their customers on the value of hosting such mission-critical applications in the cloud.
Businesses are not without their concerns about the security of mission-critical apps in the cloud, though. Kevin Cunningham, SailPoint's president, noted in a prepared statement: "For the third year in a row, our Market Pulse Survey shows that the majority of large companies remain very concerned about security breaches and their ability to meet regulatory compliance requirements."
The consumerization of IT, BYOD and "bring your own application" (BYOA) trends also play a big role in security concerns because, far too often, businesses have no idea exactly where all of their sensitive data is being stored or where it might be in the world.
"As organizations adopt cloud applications, they are very likely to increase their risk exposure by putting sensitive data in the cloud without adequate controls or security processes in place," said Jackie Gilbert, vice president and general manager of SailPoint's Cloud Business Unit, in a prepared statement.