top of page

Cloud services in the EU and the Adriatic

Public cloud growth is driven primarily by digital transformation initiatives, cost efficiency, and remote work adoption. Yet one less known reason is security: the new threat landscape makes it increasingly difficult to run applications on-premises or separately from the software manufacturer, as cybercriminals are getting faster at exploiting zero-day vulnerabilities, especially in internet-facing devices such as VPNs. Relying on the cloud, especially in the form of SaaS and PaaS, increases resilience by outsourcing critical maintenance tasks to the cloud provider. Cloud providers usually adopt security best practices such as Multifactor Authentication (MFA) earlier than for on-prem systems. They are usually keen on protecting their public-facing assets, as their revenue and core business depends on the infrastructure running smoothly.


Although concerns about data privacy and security remain significant, the fact is that most breaches today occur where self-managed and self-hosted legacy infrastructure still prevails (see here and here). That's one of the key reasons why the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is now advising many businesses and organizations to move their IT infrastructure to the cloud: "One major improvement you can make is to eliminate all services that are hosted in your offices [...] These systems require a great deal of skill to secure. They also require time to patch, monitor, and respond to potential security events. Few small businesses have the time and expertise to keep them secure. [...] We urge all businesses with on-prem systems to migrate to secure cloud-based alternatives as soon as possible." (see more here).


It seems security professionals also understand this: according to a recent survey by IDC and commissioned by Fortinet (see here), 66% of security leaders believe security in the public cloud can be as effective as — or more effective than — on-prem security.


But what does the cloud adoption look like in the EU and the Adriatic region?


Here are some notes based on recent data from Eurostat:

  • 45.2 % of EU enterprises bought cloud computing services in 2023, an increase from 42% in 2021. That is sluggish growth when compared to forecasts of 20% YoY growth for public cloud services worldwide (see Gartner here). Cloud computing is yet to go mainstream in the EU.

  • The cloud model seems the most widespread in advanced northern EU economies such as Finland, Sweden, Denmark, and Ireland, where more than 65% of enterprises bought cloud computing services. Less developed economies in the eastern EU are not huge fans of the cloud: Greece, Romania, and Bulgaria this share is less than 25%.

  • Adriatic countries such as Slovenia, Croatia, Serbia, and Montenegro are somewhere in between with around 30% cloud adoption. Interestingly, Slovenia seems to have even reduced its cloud spending compared to 2021. Bosnia and Herzegovina is closer to the group using the least of the cloud, with only 20% usage.

  • Most of the expenditure on the cloud is about E-mail, file storage, and office software - meaning most businesses are now moving their e-mail systems to SaaS offerings such as Google Workspace or Microsoft 365. Yet, other forms of cloud computing, such as using SaaS to run core CRM or ERP software, are much less prevalent, used by only around 25% of the enterprises that reported buying cloud computing.

  • Running security software applications in the cloud is quite popular among the companies relying on the cloud: around 60% of those opting for some form of security delivered as SaaS (probably email filtering and endpoint security?).

  • The fact remains that most of the cloud adoption in the EU and the local Adriatic region is driven by e-mail as the key business application. However, other forms of cloud computing are still at very low levels of adoption. In particular, Eurostat has 2 categories called "Platform for application development" and "Computing power for enterprise's own software". Roughly speaking, these would include running containers, virtual machines, or low-code app development platforms in the cloud. In practice, we're talking PaaS and IaaS here, and these categories see a 25% prevalence among the companies using the cloud. Factoring that on the whole market, that would imply only around 10% of companies, are truly using the cloud beyond e-mail (and office productivity apps).

  • In the Adriatic, that would yield an adoption of PaaS/IaaS ranging from 10% in Croatia and Slovenia to 3% in Bosnia and Herzegovina, with Serbia and Montenegro somewhere in between.


Generally, cloud adoption in the EU and the region is neatly reflecting the level of economic development. The more advanced economies are using it the more. Yet overall, the EU seems a laggard in terms of cloud adoption, which is mainly driven by e-mail as the key business app. Let's see if that changes, especially with growing cybersecurity challenges and the related skill shortage.


Latest news

bottom of page