As the demand for everything-as-a-service (XaaS) grows, it’s imperative that organizations focus on data security. Some security-savvy enterprises are already leading the way in choosing trustworthy XaaS vendors and establishing strong processes and policies to deal with data security.
Many technology companies are shifting to a service-based model for providing products and capabilities, with some major players planning to transition the bulk of their portfolios over the next few years.1 At the same time, many leaders across industries are moving from traditional IT to everything-as-a-service (XaaS) for improved agility, new capabilities, and better management of capacity and costs.2 They view XaaS as critical to their digital transformation and to creating new solutions and business models—with cloud as the preferred platform for enabling XaaS and spurring innovation.3
To understand how companies are adopting service-based IT, including their objectives, outcomes, and challenges, Deloitte surveyed 600 IT and line-of-business professionals responsible for XaaS at US organizations.4 Three-quarters of our respondents reported that their organization already runs more than half of its enterprise IT as-a-service.5 According to these leaders, the biggest challenge to scaling up their use of XaaS involves data security and privacy concerns—the same obstacle that topped adoption challenges in our 2018 XaaS study.6
With so much IT shifting to the cloud, organizations could be wise to focus on security. According to a 2021 report, 73% of cybersecurity incidents involve external cloud assets (vs. on-premise assets), and there are signs that cloud security incidents are increasing.7 Cloud data breaches can have serious consequences, including regulatory and legal problems, response costs, reputational damage, and even erosion of market value. According to another analysis, the average cost of a data breach incident in 2021 was US$4.24 million, a 10% increase over 2020.8
Are any enterprises cracking the code for mastering data security with XaaS and cloud? Fortunately, yes—and others may be able to follow their lead. Our analysis suggests there’s a group of “security-savvy XaaS adopters”—companies that not only feel they have established adequate processes and policies to deal with data security, but have also chosen XaaS vendors that can satisfactorily deliver strong data security and privacy safeguards. Nearly one in five (19%) of the professionals we surveyed in our XaaS study represent these security-savvy companies, which are more confident about keeping a wide range of enterprise data—even highly sensitive data—entirely in the cloud (see figure).
Security-savvy XaaS adopters have a differentiated approach to managing XaaS security and compliance:
To provide a differentiated, higher-value customer experience, cloud and XaaS providers should strive to help their customers become more like the security-savvy XaaS adopters.
Deloitte’s Technology, Media & Telecommunications (TMT) industry practice brings together one of the world’s largest group of specialists respected for helping shape many of the world’s most recognized TMT brands—and helping those brands thrive in a digital world.