Article
3 minute read 27 January 2022

How enterprises can lead the way on cloud data security

Security-savvy enterprises approach everything-as-a-service differently

Susanne Hupfer

Susanne Hupfer

United States

Sayantani Mazumder

Sayantani Mazumder

India

Faruk Muratovic

Faruk Muratovic

United States

As the demand for everything-as-a-service (XaaS) grows, it’s imperative that organizations focus on data security. Some security-savvy enterprises are already leading the way in choosing trustworthy XaaS vendors and establishing strong processes and policies to deal with data security.

Many technology companies are shifting to a service-based model for providing products and capabilities, with some major players planning to transition the bulk of their portfolios over the next few years.1 At the same time, many leaders across industries are moving from traditional IT to everything-as-a-service (XaaS) for improved agility, new capabilities, and better management of capacity and costs.2 They view XaaS as critical to their digital transformation and to creating new solutions and business models—with cloud as the preferred platform for enabling XaaS and spurring innovation.3

To understand how companies are adopting service-based IT, including their objectives, outcomes, and challenges, Deloitte surveyed 600 IT and line-of-business professionals responsible for XaaS at US organizations.4 Three-quarters of our respondents reported that their organization already runs more than half of its enterprise IT as-a-service.5 According to these leaders, the biggest challenge to scaling up their use of XaaS involves data security and privacy concerns—the same obstacle that topped adoption challenges in our 2018 XaaS study.6

With so much IT shifting to the cloud, organizations could be wise to focus on security. According to a 2021 report, 73% of cybersecurity incidents involve external cloud assets (vs. on-premise assets), and there are signs that cloud security incidents are increasing.7 Cloud data breaches can have serious consequences, including regulatory and legal problems, response costs, reputational damage, and even erosion of market value. According to another analysis, the average cost of a data breach incident in 2021 was US$4.24 million, a 10% increase over 2020.8

Are any enterprises cracking the code for mastering data security with XaaS and cloud? Fortunately, yes—and others may be able to follow their lead. Our analysis suggests there’s a group of “security-savvy XaaS adopters”—companies that not only feel they have established adequate processes and policies to deal with data security, but have also chosen XaaS vendors that can satisfactorily deliver strong data security and privacy safeguards. Nearly one in five (19%) of the professionals we surveyed in our XaaS study represent these security-savvy companies, which are more confident about keeping a wide range of enterprise data—even highly sensitive data—entirely in the cloud (see figure).

Security-savvy XaaS adopters have a differentiated approach to managing XaaS security and compliance:

  • They assume more responsibility for security. Almost half of the executives from such companies (46%) reported that it’s entirely the responsibility of their organization to manage and ensure data security of their XaaS initiatives (vs. 33% of leaders from other companies). They’re also more mindful about regulatory compliance: 56% strongly agree that their organizations have adequate processes and policies in place to deal with regulatory compliance for XaaS (vs. 39% of executives from other companies).
  • They’re more proactive about monitoring security. Two in three executives from security-savvy companies reported that their organizations continually monitor the security of XaaS IT applications and data (vs. half from other companies). Moreover, 65% of the security-savvy companies evaluate their XaaS providers regularly9 to ensure they're meeting data security requirements (vs. 57% of the other companies).

Considerations for TMT executives

To provide a differentiated, higher-value customer experience, cloud and XaaS providers should strive to help their customers become more like the security-savvy XaaS adopters.

  • Become a security partner. The complexity of securing cloud-based IT is likely to accelerate as many organizations turn to a hybrid, multi-cloud, multi-vendor strategy to increase access to best-in-breed technologies, optimize costs, improve resilience and reliability, and minimize vendor lock-in.10 Tech providers can build trust by helping their customers rethink security models and capabilities and take a more integrated approach to cloud and security—for instance, by establishing a cloud security controls framework.11
  • Clarify security responsibilities. Managing the security risks of multi-cloud environments should be a shared endeavor between service providers and user organizations, yet nearly 6 in 10 cloud adopters cite establishing shared security models as a major challenge.12 Service providers can supply their customers and auditors with system and organization controls (SOC) reports to help build risk assurance, but clarifying expectations and responsibilities is crucial.13
  • Continuously assess risks. Cloud providers can help their customers identify and use the right tools to continuously monitor cloud security. For instance, adopters can use comprehensive dashboards to track security of data and applications across several environments, thereby increasing visibility into risks.14 Additionally, advanced security tools based on artificial intelligence and automation can be helpful in sensing threats and responding to them in a timely manner.15

Technology, Media & Telecommunications

Deloitte’s Technology, Media & Telecommunications (TMT) industry practice brings together one of the world’s largest group of specialists respected for helping shape many of the world’s most recognized TMT brands—and helping those brands thrive in a digital world.

Paul H. Silverglate

Paul H. Silverglate

Partner | US Executive Accelerators | Deloitte & Touche LLP

Subscribe

to receive more business insights, analysis, and perspectives from Deloitte Insights