Canadian enterprise slow to address cloud security concerns, despite rapid uptake

Although approximately 60% of Canadian organizations have implemented cloud-based technologies as part of their business operations, 77% of them are not doing enough to properly address cloud security, both on the IT and business fronts.
That’s the finding of the inaugural 2016 Cloud Study released by Toronto-based IT solutions integrator Scalar Decisions Inc. in collaboration with IDC Canada, titled “Moving up the Value Chain: What We Can Learn from Experienced Cloud Users”.
The comparative lack of attention paid to security by Canadian enterprise is seen as an indicator that mainstream adoption of cloud services by enterprise worldwide and in Canada is outstripped by comprehension of the very real dangers posed to business by poor security habits, even in light of several high-profile hacks that have caused significant damage to the reputations and bottom lines of several companies.
“The high adoption of cloud-based delivery tells us that security is not a barrier to cloud, but is still something that needs to be addressed in a vast number of businesses,” said Neil Bunn, Chief Technology Officer, Scalar Decisions. “Utilization and understanding of the cloud is low. Security remains the number one expressed concern across all levels of cloud experience, yet there is an evident disconnect between organizations’ worries regarding cloud security and the actions being taken to mitigate the existing risks.”
The study was drawn up from the results of a web-based survey taken by 355 respondents, conducted between August and September 2016 by IDC Canada.
Of the 355 respondents, 211 were characterized as senior-level IT and business decision makers at Canadian-headquartered organizations ranging in size from 50 to more than 500 employees, as well as 144 screened decision makers from on-premise only organizations that do not utilize cloud IT.
Of the companies that did employ cloud services, 45% of respondents were classified as Novice, 36% as Intermediate, and 19% as Experienced.
The study reveals that 54% of respondent organizations have yet to implement security items such as data classification and accountability, while 57% offer client and end-point protection, 48% offer identity and access management, and 59% offer application-level controls.
The big picture, however, reveals that 48% of organizations surveyed have no formal cloud security policy in place, and that 75% cited security as the number one ongoing post-adoption issue to be addressed, regardless of level of expertise with the cloud.
Companies that decide to take these issues seriously demonstrate that there’s a business case to be made for implementing the key security issues underpinning cloud security.
“Cloud benefits and business value become progressively more sophisticated as organizations’ experience with the cloud increases,” added Bunn. “Viewing cloud security and cloud adoption as non-severable concepts, coupled with investing in a continuous optimization approach in line with the Cloud Experience Model are key factors to achieve success in a rapidly changing marketplace of cloud based services and capabilities.”
Scalar Decisions Inc., an IT solutions integrator based in Toronto, with offices in Montreal, Ottawa, London, Winnipeg, Calgary, Edmonton, and Vancouver, acquired both Thornhill-based technology risk management consulting firm Eosensa Inc. and Calgary-based Mainland Information Systems in 2015.
Founded in 2004, Scalar reported $200 million in revenue during financial year 2015.