There’s a big difference between your typical start up and a growing number of not-for-profits, and your typical large enterprise, whether private sector or public.

For the first group, they’re already in the cloud for routine daily activities. For the second, they’re almost always operating in house, even if they have a few applications running in the cloud.

What’s the number one application in any organization by number of hours spent using it? Probably email.

Big enterprises shy away from cloud-based email. “Our secrets will be exposed”, they say.

Start ups and not-for-profits have just as many secrets to protect. Yet they trust cloud-based email, whether it’s from Google or a vendor operating Exchange in the cloud.

I was in a not-for-profit meeting on Sunday that brought nine people together from nine different organizations. This working group will be developing budgets and other types of documents for a joint project. No one thought it unusual that we would all use Google Docs for it.

It could have been a wiki just as easily, of course — and there are no shortage of vendors of that, either.

A large enterprise would force that kind of activity into SharePoint, most likely — along with the lag time to get the new shared work group set up.

If you want to protect email, you routinely encrypt messages. Few do. (I don’t mean just “access it using secure browser — the https:// — methods” — I mean strong public key encryption.)

Some large enterprises have thought differently about this. Not enough, though.

Typical would be what one university said, when it danced close to the cloud and once again backed off. “We’re required to ensure that no student’s records are exposed in any way, and since professors submit marks using spreadsheets, and since work is returned to students via email, we can’t risk it.”

This from an institution riddled with incoming spam, viruses and trojans galore on the network, and a single log-in system that, while very useful to staff and students alike, means that one password being cracked is sufficient to rifle through anyone’s server space or email.

It’s not an indictment — it’s hard to have an open network that’s easy to use and not constantly be in catch-up mode to eradicate the stuff that infiltrates these days via infected devices — but it shows how large enterprises think “in house resources are more secure”.

But they’re not more secure — they’re merely as secure. In which case, it’s not an argument.

Earlier in May we spent a week discussing the Bring Your Own Device (BYOD) phenomenon. Going to the cloud and BYOD tend to fit together better than insisting on keeping all the assets on your own servers using proprietary tools.

Here’s the other big reason for putting simple office functions in the cloud: business continuity.

Most organizations don’t have a viable business continuity plan. Of the ones that do, restoring shared drives, email, SharePoint, and other tools isn’t likely on the “must recover” list.

Yet they’re now essential to continuing operations — and likely where the documents you need to restore operations live. Put this in the cloud, and it’s ready to use.

That’s what the small, the agile, and the organizations that don’t have time to muck around with technology know and make use of.

The big enterprises? Time to shift your thinking.