Many companies are reluctant to put applications with sensitive data in the cloud. In the U.S. and Europe, the applications least frequently shifted from on-premises computers to the cloud were those that compiled data on employees (e.g., payroll), legal issues (legal management systems), product (pricing and product testing), and certain customer information (e.g., customer loyalty and e-commerce transactions). Still, some companies had shifted applications with customer data to the cloud, especially in customer service, and many planned to shift a number of customer-related applications to the cloud by 2014.
In the previous section, we mentioned that across all four regions of the world, companies were in most cases putting the largest share of their cloud applications budgets in marketing, sales and service. Yet in spite of that, many companies appear to be staying clear of putting sensitive data into cloud applications.

We found this to be the case in looking at other data in our survey. In the U.S. and Europe (where we had large-enough sample sizes to explore what applications companies had in the cloud in each of the 10 core business functions), we found that the applications that were most frequently shifted from on-premises computers to the cloud were those that typically do not have highly sensitive information on employees, customers, new-product plans, and other data that companies go to great lengths to protect (see Exhibit VI-1).

In the U.S., when we looked at the applications that were least frequently shifted to the cloud from on-premises computers, several of them were applications that often store highly sensitive data:

  • Legal-related – legal management solutions (which can contain the status of lawsuits against a company)
  • Employee-related – compensation planning (employee salaries) and payroll/time and attendance systems (which, of course, in the U.S. can have Social Security information)
  • Product-related – product testing systems (which often compile data on product efficacy and of course reveal a company’s product launches), and pricing and promotions systems (which, in competitors’ hands, can tip off pricing changes)
  • Customer-related — customer loyalty (which can reveal buying preferences), customer/market research applications, E-commerce, and customer analytics — all of which can risk customer privacy and provide competitors with useful targeting information
  • Risk-related – risk assessment and monitoring systems, which compile data on a company’s most vulnerable activities
In all five areas, less than 20% of companies had shifted on-premises apps to the cloud (see Exhibit VI-2).

Still, that doesn’t mean that all customer data is being kept out of the cloud. For U.S. companies’ customer service applications, 42% have shifted customer order-entry systems from on-premises VI-3.)

In addition, the numbers in the chart above indicate that many companies’ fears about putting customer records in the cloud are likely to subside. When asked what customer service applications they expected to be in the cloud by 2014, the majority expected to shift their customer order entry, archives of past customer records, post-sales inquiries and online customer communities from on-premises to cloud-based applications.

In looking at marketing applications, we found such hesitation to put customer data in the cloud looks like it will decline by 2014. At least half of U.S. companies plan to shift customer research, e-commerce, customer analytics and social media data to the cloud by then. And even 39% of companies say they’ll shift customer loyalty systems to the cloud by 2014. (See Exhibit VI-4.)