It's hard to see your shadow in the dark. That's what the findings from a new Cloud Security Alliance (CSA) survey, titled Cloud Adoption, Practices and Priorities Survey Report, indicated when it surveyed executives and IT managers. Nearly 72 percent admitted that they did not know the number of shadow IT apps within their organization, but certainly want to.  The survey also highlighted that decisions concerning the security of data in the cloud has shifted from the IT room to the boardroom, with 61 percent of companies indicating that executives are now involved in such decisions.

"As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance, and governance of corporate data," said Jim Reavis, CEO of the CSA.  "We hope that this report provides companies with some good peer insight so that they can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment."

The Cloud Adoption, Practices and Priorities Survey Report includes responses from more than 200 IT and security professionals varying in company size and industries from the Americas, EMEA and APAC regions. Sponsored by Skyhigh Networks, the Cloud Visibility and Enablement Company, the survey aims to uncover how companies are currently approaching the cloud, including views on Shadow IT, obstacles preventing cloud adoption, and security priorities. In conducting the survey, the CSA also aimed to gain better knowledge of how IT teams are balancing the need to partner with business users to enable them with SaaS apps while also enforcing corporate security, compliance, and governance policies.  Lastly the survey also sought to understand perception versus reality by contrasting access policies for popular cloud services with actual data on block rates across networking infrastructure.

While security of data remains a top barrier to cloud adoption, organizations are still moving forward in adopting cloud services, with 74 percent of respondents indicating they are either moving full steam ahead, or with caution, in the adoption of cloud services. Respondents from APAC indicated the highest level of adoption plans.  However, 34 percent of respondents indicated that a lack of knowledge and experience on the part of IT and business managers was a main reason for slow or lack of adoption.

When it comes to policies and procedures for managing cloud adoption, large enterprises have the most in place. Companies with more than 5,000 employees are more likely to have a cloud governance committee (35 percent versus 12 percent), have a policy on acceptable cloud usage (61 percent versus 45 percent), and have a security awareness training program (26 percent versus 20 percent) compared to companies with fewer than 5,000 employees.

However, large enterprises, are more hesitant when it comes to investing heavily in cloud services, with only 36 percent of them spending more than 20 percent of the IT budget on cloud services, compared with 49 percent of companies with fewer than 5,000 employees.   

In general, business users regularly demand cloud services, with 57 percent of respondents indicating they receive between one and 10 new cloud service requests each month.  And while 62 percent of respondents indicated that they do not block cloud services, the top services block by regions include cloud storage providers and social networking sites.

"The past few years have marked a paradigm shift in IT's role, from provider to enabler," said Rajiv Gupta, CEO of Skyhigh Networks. "This survey, the largest of its kind, illustrates that companies are aware of the consumerization of IT but have room to more proactively address the security concerns of cloud adoption."