It seems that every software vendor has become a SaaS vendor, and every hardware vendor is now involved in supporting the cloud. New applications are being offered in the cloud, and businesses can use cloud infrastructure to run their own, custom applications.
Yet cloud adoption is not as much of a ‘slam-dunk’ as the marketing hype would have us think. Companies still think long and hard about moving applications and data to the cloud from traditional, on-premise computing models. And many are hesitating to move applications containing sensitive data.
The benefits of cloud computing are significant – the economies of scale, the potential cost savings, fast deployment and easy scalability. So, what’s holding up adoption beyond inertia?
For many businesses, the essential questions about security, privacy, compliance and control of corporate data remain unanswered. According to the KMPG 2010 Cloud Computing Survey, security is the biggest obstacle to cloud adoption, followed closely by legal, compliance and privacy issues. (From Hype to Future: KPMG’s 2010 Cloud Computing Survey, 2010)
According to the Goldman Sachs Equity Research Report of 2011, 70% of the CIOs surveyed express major concerns about data security in the cloud. Their concerns include the loss of transparency and control over where business data resides and how it is protected outside the enterprise, in the cloud provider infrastructure.
Specific concerns include:
- Loss of governance: The data is outside IT’s direct control, yet its misuse may have a significant impact on privacy, security and intellectual property claims.
- Regulatory compliance: Although regulated data may reside in the cloud, the obligation for regulatory compliance still falls with the organization that ‘owns’ the data.
- Lack of transparency: Cloud vendors do not always disclose the details of how their services work, which third-party partners they use, and exactly where data is located.
For global businesses with offices and users in different countries, the issues are even more complex, as legal requirements vary between countries.
Cloud computing is a fundamentally different way of delivering application services than traditional IT architectures with on-premise servers and distributed clients. The very newness of the model means that many best practices are still in development, and legal issues are as yet unchallenged.
Essential concerns cluster around the topics of transparency and control, international boundaries, and regulatory concerns.