Better understanding needed to combat concerns over cloud security and loss of control

The arrival of any new approach to technology is traditionally accompanied by hype, and nowhere is this more true than in cloud computing. Yet it has become very clear that cloud computing, or more specifically cloud-based Infrastructure as a Service (IaaS), is far from a fad: we are moving towards a point where this approach will become the norm for corporate IT.

The benefits appear obvious – reduced costs, increased automation and simplified IT are often cited – but lingering doubts exist outside the IT department. So is the IT department being held back from investing in the cloud – and potentially transforming the way IT is delivered – by others in the business?

Recent research suggests this is indeed the case. A recent poll of 100 Chief Financial Officers (CFOs) in mid-sized organisations found that a mere one third admitted to understanding fully the benefits of moving their IT into the cloud. This was substantiated at a seminar hosted in September 2010 by the Institute of Chartered Accountants in England and Wales (ICAEW), where half the delegates admitted that the ‘finance department is a laggard in the adoption of cloud computing’.

This initially may seem strange, particularly when considering one of the key benefits of cloud-based IaaS solutions: reduced cost. The efficiencies, which cloud computing enables, can allow organisations to pare back on new capital investments, and instead fund projects from operational expenditure, helping maintain a lean balance sheet.

It also offers the flexibility to scale with ease, adopt the latest technologies cost-effectively, and eliminate surplus equipment being left under-utilised within an organisation’s data centres. IT would also point to the easier change management of infrastructure including maintenance and upgrades, improved agility to deploy solutions and choice between vendors – all of which have a positive impact stretching beyond the walls of the IT team and out into the business.

So why, at a time of budget squeezes and economic uncertainty, have CFOs so far been wary of the cloud? The research revealed that the main source of CFOs’ reluctance is centred around the lack of control when outsourcing the management of their IT infrastructure, with fifty-six per cent of respondents also citing fears around the security of sensitive customer or commercial data.

Perhaps it is understandable – there have been several high profile outages and security breaches from cloud solutions from big name providers, and forty-five per cent admitted that high-profile media stories around IT outages or data losses made them more inclined to keep their data in-house, despite the cost implications. But one of the research’s most telling statistics was that only just over a quarter of CFOs said they fully understood the difference between private and public clouds – two very different approaches to cloud computing.

Public clouds, as the name suggests, include resources (such as computing or storage) which are shared with others, and can often by used by anyone with a credit card. Many believe that the public cloud will be the dominant way of IT delivery in the future. But despite the major capital and operational expenditure savings the public cloud offers, the vendor’s focus is usually to provide flexible IT resources at a low cost, which does not tally with the needs for secure and available data and infrastructure which are high on a businesses’ list of requirements for many elements of their IT.

In order to exploit the benefits of modern computing, network, virtualisation, and storage resources which the cloud offers, it seems finance needs much more reassurance that they will not relinquish control and security. To do this many organisations are turning to an enterprise-class private cloud-based IaaS solution, as IT resources are delivered from within the corporate firewall and therefore within the boundaries of an organisation’s own security policies.

It is crucial, however, that a private cloud provider’s resilience can be proven. Organisations need to be supremely confident in the availability and integrity of the data or infrastructure they pass over to a third party provider. If this can be demonstrated, the private cloud allows businesses to leverage the benefits of the cloud, without any fears surrounding loss of control, security and overall performance trade-off.

IT – both vendors and internal IT departments – have a job on their hands to ensure that businesses do not miss out on the cloud by communicating its benefits, and the right type of cloud approach.

Many business leaders are already familiar with provisioning IT ‘as-a-Service’ through Software-as-a-Service, and the old ASP (application service provider) model, but the real value comes by taking IT further into the cloud and provisioning their IaaS. Using a trusted partner who can demonstrate data integrity and resilience, permits IT to focus on revenue generating projects rather that performing endless maintenance on legacy systems.

With 25 years of business expertise, Keith Tilley keeps SunGard Availability Services’ European operations at the top its field. Keith joined SunGard in November 2001 when it acquired Comdisco. Prior to that, he worked for Failsafe Roc, Istel and Rover Cars—progressing from the IT department to operations manager then moving into various commercial and product management roles.