What they do today
Cloud-powered companies think about the specific, potential risks that cloud poses throughout all stages of transformation projects. Across all eight dimensions we evaluated, they are more advanced than other companies when it comes to adopting leading practices. For example, they are more likely to have dedicated resources devoted to cloud governance, formal and distinct cloud controls, and robust evaluations of shared responsibility with CSPs. In their efforts, they focus on a range of issues, including cybersecurity, data privacy and compliance. Beyond such specifics, it can be helpful to communicate and educate the rest of the C-suite and board on how relevant risks related to the technology, data, transactions and adoption are identified and addressed.
4. Focus on trust and controls
Designing trust into cloud projects should naturally extend to all transformation initiatives. This includes more forward-looking areas such as the metaverse and web3, which are the basis for the next wave of innovation and differentiation. Many leading companies are looking at how existing risk frameworks can be extended to these new areas. They’re also engaging with others in their industry or more broadly to help define their responsible use.
Where they’ll focus next
We have resources dedicated to cloud governance
more mature when it comes to cloud governance
2X+
Q: . How would you assess the maturity of your company’s cloud controls across the following areas? (Response to 'Have already implemented')
Source: PwC 2023 Cloud Business Survey, January 2023: bases: 838, 95
Between October 25, 2022 and November 18, 2022, PwC surveyed 1,010 US business executives. Respondents were from public and private companies in six major industries: financial services (24%); industrial products (20%); consumer markets (12%); health (12%); energy, utilities and resources (12%); and technology, media and telecommunications (20%).
About the survey
How we define cloud-powered
See all eight dimensions
Cloud-powered companies
Other companies
We have an established cloud governance, risk and controls framework
Shared responsibilities with cloud service providers around managing controls and risk
82%
80%
78%
33%
35%
31%
Cloud-powered companies are the 95 companies that fall within the top 10% when sorted using our cloud success index. The index is calculated using answers to the following question: Which of the following best describes how cloud technology is, or is not, delivering measurable value in your organization? For each of the 12 metrics (e.g., cost savings, improved profitability, improved resilience, improved decision-making, etc.), the following scoring mechanism is used: 100 points where they have “already achieved measurable value,” 50 points where respondents “expect to achieve measurable value in the next 12 months,” and 0 points where they “do not expect to achieve measurable value in the next 12 months.” To ensure a valid distribution of scoring, respondents receive an index score only where they had a valid response to all 12 parts of the question (“don’t know” and “N/A” answers were excluded). The overall success score was calculated as a mean of the valid component scores and the range of scores across the 933 respondents was from 12.5 to 100.
How we define cloud-powered companies
How we define cloud-powered
Which of these is your top priority for managing cloud governance, risk and controls?
Cloud-powered companies
Other companies
Dedicated resources for cloud governance, risk and controls
82%
33%
Formal and distinct cloud controls
78%
33%
Documented evaluation of shared responsibilities with CSPs
78%
31%
Cloud controls designed to optimize workloads
87%
37%
Cross-functional stakeholder agreement on cloud strategy that informs cloud governance, risk and controls framework
78%
32%
Policies and procedures tailored to cloud risk and controls
79%
39%
Common controls framework tailored to consider cloud risk and controls
80%
35%
Cloud governance, risk, and controls framework owned by a single business function
84%
36%
Cloud governance, risk and controls maturity
Q: . How would you assess the maturity of your company’s cloud controls across the following areas? Have already implemented
Source: PwC 2023 Cloud Business Survey, January 2023: bases: 95 cloud-powered companies, 838 other companies
78%
31%
Documented evaluation of shared responsibilities with CSPs
78%
33%
Formal and distinct cloud controls
82%
33%
Dedicated resources for cloud governance, risk and controls
Choose one to see how you compare.
Reset
We have resources dedicated to cloud governance
We have an established cloud governance, risk and controls framework
Shared responsibilities with cloud service providers around managing controls and risk
Q: . How would you assess the maturity of your company’s cloud controls across the following areas? (Response to 'Have already implemented')
Source: PwC 2023 Cloud Business Survey, January 2023: bases: 838, 95
Cloud-powered companies
Other companies
Shared responsibilities with cloud service providers around managing controls and risk
78%
31%
Q: . How would you assess the maturity of your company’s cloud controls across the following areas? (Response to 'Have already implemented')
Source: PwC 2023 Cloud Business Survey, January 2023: bases: 838, 95