Cloud computing concerns abound in SMBs, survey finds

Cloud computing concerns among SMBs are the reason why the companies are hesitant to lean on managed security services.

A recent survey of small- to medium-sized businesses (SMBs) indicates that those organisations are unfamiliar with cloud-based security services, and are generally unwilling to move away from in-house systems.

Small companies -- those with 10 staff members or fewer -- are the most resistant to any kind of hosted service, with many citing high costs and vendor lock-in as important cloud computing concerns.

The study was carried out in April 2010 by Kent-based Redshift Research Ltd. on behalf of Malta-based security company GFI Software Ltd. Researchers interviewed 250 people in charge of IT at companies employing fewer than 250 people. Around 150 of the respondents, especially those in smaller companies, were not specifically security professionals and just had IT as part of their overall responsibilities in the business. In companies employing fewer than 10 people, only 11% of respondents were dedicated IT professionals, while the figure was 57% for companies with 10-99 employees, and 66% for companies with 100 to 249 employees.

The study found that jargon tends to create a big barrier, especially for non-IT specialists. For instance, while 50% of these non-IT specialists said they have never heard of cloud computing, only 15% were ignorant of managed services, and only 11% had not heard of hosted services.

More on cloud computing

Cloud computing compliance: Exploring data security in the cloud

Cloud computing risks outweigh benefits, survey finds

"Given that these terms are practically synonymous," the report asked, "is there too much emphasis on jargon, and not enough on the basic components of cloud-based services?"

Redshift's Guy Washer, the author of the report based on the survey, said that companies with more than 100 employees tend to have dedicated IT professionals and that these people were much more aware of the various types of outsourced service models.

However, taking the 250 interviewees as a whole, vendor lock-in was cited as the biggest disadvantage of using a managed service (i.e. small companies not being able to switch to another supplier or to an in-house system with ease), followed by security concerns. Most (56%) of the companies that didn't use managed services claimed their current in-house systems did the job, and they had no need to change.

Despite the apparent lack of understanding, the survey discovered a higher rate of adoption than the level of awareness would suggest. "While only 39% of sub-10 employee companies have adopted the [hosted/managed] model, over 85% of companies with over 100 employees are using managed/hosted services in some form -- albeit in the main basic services such as email filtering, antispam and antivirus," the report said.

For those undecided about the value of cloud-based security services, 43% said better pricing and vendor terms might assuage their cloud computing concerns, and 40% said they wanted no lock-in or long-term contracts.

The advantages of moving to some form of managed service were clear to all those interviewed. The biggest factor, quoted by 77%, was the expertise of the provider's staff. Lower operating costs and accountability of the service also scored highly.

However, many companies that have adopted managed services reported unexpected downtime and difficulty in contacting suppliers. The more complex the service, the more likely problems would occur: 64% of those using a managed access control service had downtime problems, while only 37% of those using email archiving reported problems.

The report concluded that the IT industry needs to recognise the lack of end-user understanding and the resistance to current pricing and contract models.

Its advice to SMBs is to not get tied into long-term contracts and to retain business flexibility. "This model is the future and will deliver clear financial and operational benefits, but it is a big step and one that requires serious consideration," the report advised. "By taking the hybrid approach and using an incremental adoption of cloud-based service, organisations can begin to explore the options and gain financial benefits without incurring business risk."

Read more on Cloud security