In early 2016, Nemertes Research conducted its annual study of the total cost of ownership for unified communications, based on data gathered from more than 500 end-user organizations. In that study, the organization found that around 39% of participants were using, or planning to use cloud-based telephony and platforms for unified communications as a service. Those most aggressively adopting such services were typically smaller companies doing so to save money and to avoid having to manage their own communications platforms. Those not using or planning to hire UCaaS providers largely cited security concerns as their biggest inhibitor. The belief to many was that cloud services just weren't as secure as on-premises platforms, or that cloud services couldn't meet corporate information protection requires.
Fast forward to 2017, and the view toward UCaaS security has drastically changed in a very short time. In follow-up conversations -- with dozens of senior IT executives from a variety of industries -- Nemertes found that 44% considered cloud services more secure than their on-premises platforms. Just 18% said their own on-premises systems were more secure; the remaining 38% either said it depended on the app or there was no difference between cloud and on-premises systems. Of those in Nemertes' 2017 UC total cost of ownership study still not adopting UCaaS, just 42% cited security concerns as their primary inhibitor, down from 61% in 2016. Twenty-one percent of those adopting UCaaS specifically cited the ability of UCaaS providers to address security concerns as being a primary driver for shifting to the cloud.
Security: Suddenly a cloud enabler?
When one does the math, it's not difficult to see how security is becoming a cloud enabler rather than a hinderer. In Nemertes' 2016 research on IT budgets, it found that the average overall IT budget was increasing by around 1% to 2% a year. Meanwhile, spending on IT security was rising by 12% to 14% per year. Plot these lines out a few years, and at some point, security takes up most, if not all, of the IT budget, eliminating availability of funds for digital transformation, user awareness and adoption programs, and investment in new collaboration and communications capabilities. If organizations want to make IT a competitive differentiator, they must reduce the size of the slice of the IT budget pie that security consumes.
As a result, UCaaS providers -- and vendors of other cloud services -- now see security as both an opportunity and a means to differentiate themselves from their competitors. Increasingly larger providers of cloud infrastructure as a service and platform as a service -- like Amazon, Google, IBM, Microsoft and Oracle -- tout their security investments and their ability to meet government and industry certification standards for information protection. Some collaboration and UCaaS providers are moving to encryption models that allow customers to hold their own encryption keys, meaning that cloud-based providers have no means to access customer information, even if provided with a court order. IT buyers I speak with often now accept that a cloud provider will have more resources, more expertise and more incentive to protect against an attack than private organizations who may not have to publicly disclose a breach and whose business model isn't based on selling trustworthy information services.
If security concerns have held you back from moving to the cloud, it's time to revisit both your posture and the capabilities of cloud providers. Pay special attention to how your own security and IT budgets have changed, and ask yourself if you can continue to pay your own way for security or if considering UCaaS providers can enable you to meet security requirements while also saving money in both the short and long run.
What's next for as a service offerings? All about UCaaS-to-SaaS integration
What were the biggest UCaaS stories of the past year?
How to get started building a UC strategy