Cse Sme Survey

7/27/2019 Cse Sme Survey

1/12

1

Cloud Computing and SMEs in UK

A report from the Cloud Stewardship Economics Project Group sponsored by Technology

Strategy Board

List of contributors

Iffatt Gheyas University of Aberdeen

Bruce Hallas Marmalade Box

All members of the Cloud Stewardship Economics Project.

About the Survey

As part of the Technology Strategy Board funded collaborative research project Cloud StewardshipEconomics, we are running an online survey from January, 2011 to provide a snapshot of the

current attitudes and behaviour of small and medium-sized enterprises (SMEs) in the UK towards

cloud computing. We have received over 90 completed surveys so far and these results are based

on an analysis of those responses. The project team would like to thank all survey respondents for

their time and efforts.

Executive Summary:

Informationtechnology (IT) has a key role to play in driving innovation and competitivenessfor small and medium-sized businesses (SMEs/SMBs)]. Cloud computing provides on-

demand IT infrastructure and applications delivered over the internet via a subscription

based cost model. Cloud computing when adopted strategically should empower companies

to improve their overall operations, streamline processes, and cut costs to be more effective

and competitive in their respective markets. In this report, we explore fresh insights about

the adoption and use of cloud computing in SMEs. Key findings from this research include

the following:

SMEs with a relatively low annual turnover of under 100k are relying more heavily on

IT & cloud computingto sustain and growthan any other organizations. Priority areas for IT investment (a key strategic resource) are Operations, Marketing

and Sales.

All respondents hold access or process personal and commercially sensitive

information about their clients or clients customers.

In most SMEs, Director/ Chief Executive/Business Owner is responsible for information

security and for identifying threats. It means that SMEs are fully aware of the

importance of cyber security and understand the concerns of various governments and

customers about security.

Our brief survey suggests that, in spite of their awareness of the prevalence of

information security risks and its impact on the business, most of them are not followingthe IT security best practices. Almost half of the small local businesses with annual


2/12

2

turnover less than 100k do not have an information security policy. A significant

majority of the SMEs surveyed do not have a business continuity policy plan and have

never assessed the impact of a breach of confidentiality and/or availability would have

on their businesses cash flow, profitability and reputation. Most respondents choose

price over security.

The majority of respondents see Data Retention Policyand Terms & Conditions of

Supply as the most important criteria for the BPO vendor selection process.

. An overwhelming majority of respondents, regardless of class characteristics, view

Legal system which governs SMEs relationship with their supplier as the most critical

success factor for IT outsourcing.

Companies with higher earnings prefer single vendor solutions, while companies with

lower earnings prefer multi-vendor outsourcing

Introduction

Cloud computing is a term used to describe the Internet as a system of delivering

information, software and other services on-demand [1]. It is a new form of traditional IT

infrastructure outsourcing. Cloud services are software as a service (SaaS), platform as a

service (PaaS) and infrastructure as a service (IaaS). In simplest terms, SaaS refers to

delivering a single piece of software (such as CRM and ERP) to many users. PaaS refers to

a set of lower-level services such as operating system or computer language offered by a

cloud provider, on which developers can build custom applications. IaaS refers to server,

storage, and networking hardware delivered as a service. Cloud computing holds a

tremendous promise for small and medium-sized businesses [2, 3]. The dramatic benefits of

cloud computing offerings include lower and more predictable costs: pay as you go,

avoidance of capital outlays: no hardware investments or software licenses, faster

implementation, dynamic scalability and flexibility: the benefit of being able to access data

and applications from anywhere with an internet connection. However, there are also

potential disadvantages. Disadvantages of cloud computing include lack of support, privacy,

speed and security, as well as fewer features and the need to have an internet. These

limitations must be considered carefully by SMEs if it is to be used effectively.

Demographic Profiles of Respondents to the Cloud Stewardship Economics Survey

A total of 93 SMEs responded to the survey. The total sample size comprises six groups of

SMEs based on annual turnover, number of employees, age of SME, number of operating

locations of SME, operating across national borders and operating locations outside of the

EU/EEA (Figure 1 and Appendix table 1). Group A consists of 27 micro businesses less

than 6 years in operation with annual turnovers less than 100k and with 5 or fewer

employees. These companies are generally operating in only one location. The highest

number of respondents (about 29%) falls in this group.

The remaining respondents were almost equally distributed across the other five groups.

Figure 1 gives the percentage frequency distribution of respondents across groups, while


3/12

3

Figure 2 shows the frequency distribution. The companies of Group B are older than 6

years (which is the only difference between Group 1 and Group 2).

Group C is a strange paradox. This group, like the first two, has annual turnovers less than

100k. These companies are less than 6 years old, but have more than 5 employees. These

are the multinational companies operating across the EU and outside the EU.

SMEs of the last three groups (Group D, Group E and Group F) have the following

featuresare older than five yearstheir estimated annual turnover to be equal to or

greater than 100kmore than 5 employees (except in Group D)operating in a single

location. The demographic characteristics of the groups are presented in Appendix Table 1.


4/12

4

The size of the group does matter. Hence, we rearranged six small groups into three larger

classes: Class 1 (consists of groups A and B), Class 2 (contains group C), and Class 3

(groups D, Eand Fbelong to Class 3). Figures 3 and 4 respectively show the percentage

frequency distribution and the frequency distribution of respondents across classes. The

total numbers of respondents were 40 (43% of the total number of respondents), 14 (15% of

the total number of respondents) and 39 (42% of the total number of respondents) for Class1, Class 2, and Class 3, respectively. Local businesses with an annual average turnover

bracket below 100k fall into class 1, while local businesses with higher annual turnover

ratios belong to Class 3. The SMEs of class 2 are multinational and the worst annual

turnover rangers.

Using the responses from these three classes, we sought to explore potential links between

SME attitudes towards cloud computing and business performance.


5/12

5

Information Technology (IT) Usage and Cloud Adoption among UK SMEs

There is a general agreement that SMEs could benefit from IT investment. According to our

survey, class 3 (the firms with a relatively higher annual turnover and many employees) is

the least dependent on information technology. Only 17% of this group indicated that they

were investing in IT at a fixed frequency (Figure 5) and their reporting investment frequencyis half-yearly or less than that (Figure 6). By contrast, Class 1 and Class 2 that have a low

annual turnover are heavily dependent on ITrelated functions. Nearly 67% of respondents

of Class 1 indicated that they had a fixed frequency for IT investment and the frequency of

investment is usually quarterly. Class 2 is by far the largest user of Information Technology.

Survey respondents within this group usually invest in IT on a monthly basis and all

respondents of this group are using cloud computing services. Perhaps this helps explain

the paradox concerning class 2. The Class 2 SMEs are young (less than 6 yrs old). They are

in growth stage. The cloud computing presents them an opportunity to expand their

businesses beyond the traditional markets at a minimal cost. During this stage the firm aims

to create awareness of the product among the customers and try to create demand for theirproducts or services. In this stage, if the firm is successful in the market, growing demand

will create future sales growth. Not surprisingly, these firms favour Marketing as a priority

area for IT investment (Figure 8).

Class1 is the laggard in terms of both business expansion factor and annual turnover. In this

group, all respondents who regularly invest in IT are utilizing cloud computing, while

approximately 75% of the respondents with variable frequency investments are using cloud

solutions to reduce cost (Figure 7). Figure 8 shows that achieving operational efficiencies is

a key area of focus for these firms. There might be little room to raise prices due to fiercecompetition and that cost reduction is the only path to profit improvement.

Class 3 is the most solvent group among our survey participants. When it comes to IT

investment, Sales is regarded as a high priority by this group of firms (Figure 8).Within this

group, all the respondents who are on fixed-rate investments and about 34% of the

respondents who are on variable-rate investments are using traditional IT technologies

(Figure 7). These firms are relatively older than others we have surveyed. Their brands are

strong and many of them have been using in-house IT systems for many years. Hence they

are not that keen on switching to the newer model.


6/12

6


7/12

7


8/12

8

IT Security Strategies for SMEs

As SMEs are leaning more on their information technology, they must prioritise IT security.

This study offers exploratory insights into the differences in IT security strategies among

SMEs of different composition.

All respondents of Class 1, Class 2 and Class 3 hold access or process personal and

commercially sensitive information about their clients or clients customers.

The majority of the respondents, regardless of whether they were in Class 1, Class 2 or

Class 3, said Managing Director/ Chief Executive/Business Owner is responsible for

information security within their organization (Figure 9). Most of the respondents in

Class1 and all of the respondents in Class 2 and Class 3 stated that Managing

Director/Chief Executive/Business Owner is responsible for identifying threats (Figure

10). These are good signs because it means that SMEs understand that information

security is of paramount importance to the business


9/12

9

However, the survey also reveals a gross neglect of IT best practices by SMEs.

Almost half of the respondents of Group1 do not have an information security policy.

All of the respondents of Class 1 and more than half (58%) of the respondents of

Class 2 do not have a business continuity policy or plan. About 79% of respondents

of Class 1 and around 16% of respondents of Class 2 have never assessed the

impact a breach of confidentiality and/or availability would have on their businesses

cash flow, profitability and reputation. All of the respondents of Class 1 and Class 2

and majority of the respondents (about 89%) of class 3 do not assess potential risks

posed by a third party supplier when choosing the outsource vendor. A vast majority

of the respondents (nearly 85% of respondents from Class1, about 69% of

respondents from Class 2 and about 73% of respondents from Class 3 stated that

they put price of IT vendors offering over information security.

Perceptions of risk and threat

One of the most critical steps in outsourcing isvendor selection. Respondents were

asked to identify the most important vendor selection criteria from the following list:

(1) Terms & condition of supply, (2) data protection clauses, (3) other data security

clauses, (4) termination of contract, (5) data retention policy, (6) jurisdiction clauses,

(7) technology deployed, (8) information and/or IT security standards implemented

by supplier, (9) right to audit a supplier, (10) we dont look for such information.

69% see Data Retention Policy and Terms & Conditions of Supply as the

most important criteria while seeking vendor for BPO services.

Successful outsourcing is built on sound risk management. There are several key

issues that SMEs should carefully assess as to mitigate the risks associated with


10/12

10

BPO (Business Process Outsourcing).They include the following: (1) legal contract

with vendors, (2) service delivery/resilience/continuity, (3) information confidentiality,

(4) information system security, (5) contractual obligations with customers, (6)

contract termination clauses, and (7) legal & regulatory obligations. Knowing about a

possible threat and understanding how to reduce the risks or potential for harm is

part and parcel of an effective threat management.The respondents were asked toidentify the most critical success factor for an outsourcing deal. Legal system which

governs SMEs relationship with their supplier is rated as the most important criteria

by 64% of the respondents (Figure 12).

Single Vendor versus Multi Vendor strategy in IT Outsourcing

IT outsourcing is a cost-effective solution for todays business organizations. There are two

alternative approaches to outsourcing. One approach is to outsource the entire IT function to

a vendor. The other approach is to outsource different parts of the business to different

vendors. As part of IT outsourcing decision, one very critical consideration is whether toselect single vendor or multiple vendors. Both approaches have their own pros and cons.

The primary advantage of a single vendor strategy is that functionality is well integrated and

the client company can deal with a single IT service provider in addressing problems and

changes. In contrast, a multi-vendor outsourcing approach can help drastically reduce costs,

lower risks and increase operational efficiency. There is no magic formula for choosing the

right IT outsourcing strategy.

The CSE survey shows companies with higher earnings prefer single vendor solutions, while

companies with lower earnings prefer multi-vendor outsourcing (Figure 13).

Further studies are required to find the reasons for these strategic differences.


11/12

11

Conclusion

Our cloud Stewardship Economics survey shows that SMEs with a relatively low

annual turnover are using cloud computing more intensively than SMEs with a higher

level of turnover. However SMEs interested in reaping the rewards of cloud

computing must improve their risk management architecture.

References

1. Straight, R. and Cicciari,M., 2010. An introduction to cloud computing. [Online].

Available at:http://communities.progress.com/pcom/docs/DOC-104550

2. ENISA, 2009. Cloud Computing: Benefits, risks and recommendations for

information security, November 2009. [Online]. Available at:http://www.afei.org/events/0A02/Documents/Cloud%20Computing%20Security%

20Risk%20Assessment%5B1%5D.pdf

3. Leisure,B. and Baroudi, C. 2009. Business adoption of cloud computing: Reduce

cost, complexity and energy consumption. [Online]. Available at:

http://www.cirrusebusiness.com/documents/business-adoption-of-cloud-

computing.pdf
http://communities.progress.com/pcom/docs/DOC-104550http://communities.progress.com/pcom/docs/DOC-104550http://communities.progress.com/pcom/docs/DOC-104550http://www.afei.org/events/0A02/Documents/Cloud%20Computing%20Security%20Risk%20Assessment%5B1%5D.pdfhttp://www.afei.org/events/0A02/Documents/Cloud%20Computing%20Security%20Risk%20Assessment%5B1%5D.pdfhttp://www.afei.org/events/0A02/Documents/Cloud%20Computing%20Security%20Risk%20Assessment%5B1%5D.pdfhttp://www.cirrusebusiness.com/documents/business-adoption-of-cloud-computing.pdfhttp://www.cirrusebusiness.com/documents/business-adoption-of-cloud-computing.pdfhttp://www.cirrusebusiness.com/documents/business-adoption-of-cloud-computing.pdfhttp://www.cirrusebusiness.com/documents/business-adoption-of-cloud-computing.pdfhttp://www.cirrusebusiness.com/documents/business-adoption-of-cloud-computing.pdfhttp://www.afei.org/events/0A02/Documents/Cloud%20Computing%20Security%20Risk%20Assessment%5B1%5D.pdfhttp://www.afei.org/events/0A02/Documents/Cloud%20Computing%20Security%20Risk%20Assessment%5B1%5D.pdfhttp://communities.progress.com/pcom/docs/DOC-104550


12/12

12

Appendix

Appendix Table 1: Profiles of the respondent groups

Features GroupA Group B Group C Group D Group E Group F

Annual turnoverUnder

100k

Under

100k

Under

100k

100k or

above

100k

or

above

100k or

above

Number of employees 1 to 5 1 to 5 above 5 1 to 5 above 5 above 5

Age of SMEUnder 6

yrs

6 yrs or

more

under 6

yrs

6 yrs or

more

6 yrs or

more

6 yrs or

more

Number of operating

locations1 1

more

than 11 1 1

Operating across

national borders No No Yes No No No

Operating outside the

EU/EEANo No Yes No No No

Cse Sme Survey

Documents

Transcript of Cse Sme Survey