Top 10 Issues Eroding Cloud Confidence12:00 PM EST Thu. Oct. 04, 2012
A survey to gauge the level of maturity and innovation in the cloud market by the Cloud Security Alliance and the ISACA, previously known as the Information Systems Audit and Control Association but now known by its acronym only, shows that the market has not yet met high expectations. Drawn from 50 countries and 252 participants ranging from service providers, cloud users, integrators and consultants, the survey estimated it will take three years before cloud platform and infrastructure services experience a full growth stage, and two years for software services.
J.R. Santos, Cloud Security Alliance global research director, said that while the respondents believe the cloud offers great opportunity there are still many issues that hinder its development. "In general, a lot of the folks [in the survey] felt the cloud is still fairly immature," he said.
Continue on to see what issues concerned cloud users, with the issues that inspired the least confidence first.
The survey said that businesses must pay significant amounts of money to meet regulatory requirements, while putting up with the limits regulators place on tech innovation. It's critical for government and regulators to adopt a regulatory stance that enables, rather than limits, adoption of the cloud.
"Right now government regulations in countries around the world are in their infancy," Santos said. "When it comes to cloud standards, development organizations are working hard to determine cloud and security issues. But a lot of it hasn't really been covered."
Many issues that arise in the business world also affect companies interested in working in the cloud. Among such issues worrying cloud users or those considering working in the cloud is having a strategy to end a relationship if a cloud partner falters.
"How do you terminate a relationship with a cloud provider?" Santos asked. "How do you get out of that relationship? If you can't get out, you may be stuck with [unworkable] contracts or SLAs."
A slew of differing privacy requirements and laws around the world addressing how data needs to be protected represent real concerns for cloud users, the survey said. Multiple regulations can represent maddeningly complex requirements for businesses.
"For one example, if you work with a cloud provider and it has a subcontractor in the U.K., how does that impact the privacy of your data?" Santos asked. "You're going to have to indicate when the data is shared and how it's used by a third-party provider in the cloud."
Cloud users face worrisome legal issues arising from the new cloud business model.
"You'll have to figure out how legal issues impact your choices going to the cloud," Santos said. "Dealing with break notification issues, for example, if your provider is in California and you are in Texas, you need to figure out how that provider is going to meet break notification requirements. You need to see how those issues are addressed.
"Data privacy laws in the EU are different than in the U.S.," he added.
Cloud users are growing increasingly uncomfortable with long-term commitments in the cloud as changes occur so frequently.
Businesses are wary that their cloud model may change while they are stuck with contracts.
"The business models may change, so if you buy in for reason X and later they are no longer providing that service, what happens next?" Santos asked.
Cloud users may enlist cloud providers that have third-party partners that provide services. But who owns and who is responsible for the users' data? These issues need to be addressed in SLAs.
"People still need to understand the flow of their data through these complicated cloud services," Santos said. "Who is responsible for what? And if the data breaks, who is going to be responsible and who pays customers if there is a lawsuit?" Santos asked.
In a new, rapidly changing market, users worry that they will lose partners, suppliers and other business associates.
"A lot of these cloud solutions are fairly new, so if users are looking at putting the crown jewels of information in the cloud, how can they determine if the solution's going to be around?" Santos asked.
"Businesses want to go to the cloud, but they have legacy systems," Santos said. "How do you integrate existing systems and processes to the cloud?"
A good example is the health-care industry, with an abundance of critical systems and devices that need to be maintained on-premise, and therefore hold back cloud adoption, he said.
"With a lot of new solutions, are they all trustworthy and do they have a track record?" Santos asked. "To find trusted suppliers in the space, focus on which ones have the credibility."
Many of the concerns with the cloud listed by the survey respondents are being addressed by the Cloud Security Alliance, the ISACA, and many other organizations.
"There are not a lot of standards and certifications out there now," Santos said. "But work is being done to try to address standards like HIPAA, SOX 1 [the Sarbanes-Oxley Act, which determines which corporate records are to be stored and for how long], and SOX 2. We are working so people can understand what is needed to ask their cloud provider."