Survey: Skills Gap, Security Concerns Leave Companies Unprepared for Hybrid Cloud

It’s a chief information security officer’s worst nightmare: their company’s data has been breached. The average data breach will cost a company $4.35 million this year, up 13% from 2020. Even worse, trust in the company’s brand has taken a huge hit—and the company’s own IT staff may have played a role.

The newly released IBM Transformation Index: State of Cloud found that while almost three-quarters of the 3,000 business and technology leaders surveyed agreed that every company needs a holistic strategy to manage their hybrid cloud environments, less than a quarter said that their own company has one.

What’s behind that disconnect?

There is a lack of the right talent with cloud management skills – a deficit that 69% of respondents said is a barrier to better, more-secure cloud implementations.

About 32% of survey respondents—which included CIOs, CEOs CTOs and CISOs from across 12 countries and 15 industries—said that poor security has been the top impediment to advancing and reaping the benefits of hybrid cloud. Over half of the respondents either agreed or strongly agreed with the statement, “The public cloud is not secure enough for much of our data.”

These doubts about cloud security come at a time when hybrid clouds have emerged as the dominant architecture to realize the full potential of a digital transformation. The IBM survey, conducted by The Harris Poll, found that 77% of companies have a hybrid cloud architecture to manage their on-premises computing resources along with their resources in private and public clouds.

“The key value of cloud for businesses is rapid access to innovative technologies, data sources and applications required to navigate current disruptions and transform businesses. No individual cloud can address all of an enterprise’s requirements, so they must be able to use and effectively control hybrid cloud assets across many locations,” says Rick Villars, Group Vice President of Worldwide Research at IDC.

Anecdotally, chief information security officers are more optimistic about cloud security than the broader set of business leaders who replied to the survey.

“The first question I ask when I’m in the room with a CISO is if they think they are more secure with on-premises systems or the cloud,” says Hillery Hunter, General Manager of Industry Clouds and Solutions and CTO at IBM Cloud. “Almost universally, they say that because they can put appropriate protections in place, they believe it is possible to make cloud deployments as secure as their on-premises IT, particularly when they’re leveraging an industry-specific cloud. The same cannot always be said for other business leaders, who sometimes come to the table with the same concerns from years ago despite the progress and innovations that are now in the market.”

The majority of business leaders still have doubts about cloud security. While six in 10 respondents report that their companies use a host of cloud security features—such as multifactor authentication, single sign-on, VPNs and zero-trust procedures—half still say that security is a top concern when migrating to the cloud.

While organizations grapple with security, they are also navigating the challenges associated with complex compliance and regulatory requirements, particularly within highly regulated industries. More than half of respondents believe that in a public cloud, ensuring compliance is too difficult, keeping organizations from realizing the full value of the cloud. This holds true across industries, but particularly within telecommunications, health care and financial services, this barrier holds companies back from achieving their cloud objectives.

As organizations look to overcome security and compliance challenges, most companies are hiring to try to fill the cloud skills gap. About 71% of global surveyed executives say their companies are creating cloud positions; in the US, that number jumps to nearly 80%. It’s a difficult task, given that cloud skills are as much about business as they are about technology.

“Organizations need to hit the skill trifecta—the right skills to envision a transformation, to execute it and to operate the resulting environment in the most secure way possible,” says Hunter. “Adopting hybrid cloud is not just a conversation about leveraging technology. It’s a bigger conversation about enabling the digital transformation of your company.”

“Companies simply do not have enough talent with the appropriate skills to design and run a hybrid cloud environment, especially when that pool of talent is potentially spread across managing different clouds,” says Varun Bijlani, General Manager of Hybrid Cloud Transformation at IBM Consulting. “To address this holistically, companies should consider leveraging a center-of-excellence construct to incubate and nurture talent with cloud skills, which can then support requests from the CIO and different parts of the business organization.”

Companies are also turning to the expertise of partners. Roughly 64% of respondents agreed that it’s important to integrate ecosystem partners into their cloud environment. Failure to do so could open the door to third- and fourth-party risks. Respondents in all 15 industries and 11 out of 12 countries highlighted cybersecurity as a top challenge when integrating partners in the cloud, with a lack of technical skills following close behind.

“Just getting on the cloud won’t give you business value,” says Bijlani. “It’s all about how you connect your environments, your people and your processes with the business purpose. The move to the cloud is not a destination with a magic fix—it’s a journey and must be done properly and holistically.”

Learn more about the IBM Transformation Index: State of Cloud.

Methodology

The survey was conducted online by The Harris Poll on behalf of IBM from June 8 to July 17, 2022 in 12 countries: Australia, Brazil, Canada, China, France, Germany, India, Japan, Singapore, Spain, the United Kingdom and the United States. There were 3,014 IT and business professionals who responded. They work in companies with annual revenue over $500 million, across 15 industries: Automotive, Chemicals, Consumer, Electronics, Energy/Utilities, Financial Services, Government, Healthcare, Industrials, Life Sciences/Pharmaceuticals, Manufacturing, Media/Entertainment, Petroleum, Telecom and Travel & Transportation.