The amorphous nature of cloud computing can make IT pros charged with protecting their organizations' data feel as if they're trying to rope the wind.
While privacy and security top the list of governance woes cited by the business technology professionals we spoke with, availability, performance management, accessibility, auditing, and monitoring are far from nonissues, especially for those subject to restrictive regulations such as Payment Card Industry standards or the Health Insurance Portability and Accountability Act.
"Cloud computing, in my opinion, would cause too great a reliance on having Internet connections, plus expose company information to compromise or theft," says one respondent to our September InformationWeek Analytics cloud computing survey. "From a PCI compliance point of view, it would be a nightmare."
Still, the pluses (scaling applications quickly and seamlessly while shedding capital and operating expenses associated with maintaining servers) are attractive enough that this model will continue to gain popularity with business leaders. And cloud computing proponents, including the big vendors vying for shares of this lucrative market, are masters of accentuating the positives while downplaying potential negatives, like outages and governance challenges.
So how can information security pros reconcile their need for governance with business leaders' directives to bring capital and ongoing costs under control? Our advice: CIOs must sit security groups down at a table with legal counsel and data owners to hash out issues. Having these hard discussions up front is the only way to counter skepticism, like that expressed in our poll, where just 18 percent of the 456 business technology professionals surveyed said they were using cloud services, compared with 34 percent who have no interest. More than half said they are very concerned about security, with performance, control, and concerns over vendor lock-in and support rounding out the top five worries.