Findings from a joint Cloud Security Alliance (CSA) and ISACA survey show that government regulations, exit strategies and international data privacy dominate the top 10 areas where confidence in the cloud is lowest.
A collaborative project by ISACA and CSA, the “Cloud Market Maturity” study provides business and IT leaders with insight into the maturity of cloud computing and will help identify any changes in the market. The report provides detailed insight on the adoption of cloud services among all levels within today’s global enterprises and businesses, including the C-suite.
The study reveals that cloud users in 50 countries were least confident about the following issues (ranked from least confident to most confident).
Click through for the top 10 issues eroding cloud confidence, as identified by the Cloud Security Alliance (CSA) ad ISACA.
The area of least confidence deals with regulation and legislation. This combined measure, which includes regulatory compliance and government regulations keeping pace with the market, ranks last, indicating the lowest degree of confidence that related issues are currently being addressed.
Enterprises must carry significant cost to meet regulatory requirements. At the same time, regulators place limits on enterprises that complicate technology innovation. These two elements combined render the ability of government to keep pace with technology essential. Because the government has such power to influence technology adoption, it is even more critical for government and regulators to understand cloud computing and adopt a regulatory stance that enables, rather than limits, the adoption of cloud.
Users feel much stronger than providers that exit strategies and contract lock-in are not currently being addressed. They ranked contract lock-in at 23 in confidence and exit strategies at 26. Providers also ranked these two items low, but with slightly more confidence.
Security is a current concern and will continue to be a significant concern in the future. The good news is that there is optimism that security, privacy, data ownership, and assurance issues are being and will continue to be addressed. International data privacy, data ownership and custodian responsibilities, and information security — commonly discussed cloud computing concerns — all show increased levels of future confidence. While international data privacy only moved up one position in terms of the ranking, the mean score moved 1.28 points, a significant shift in confidence.
For both users and providers, legal issues are a concern that currently is not adequately addressed for either party.
Contracting for cloud services is a fundamental part of cloud acceptance and market maturity. Within the eight categories of security and assurance concerns, contracting is near the bottom of the confidence rankings (ranked seven). Contracting is an essential part of cloud market growth and in enabling cloud to become a central component of innovation. The two specific issues included in the cloud contracting category are contract lock-in and exit strategies. Contract lock-in is rated 23 on the list of 27 individual problem statements with a mean score of 2.18, indicating a less-than-robust level of confidence that concerns for contract lock-in are being addressed.
Survey participants expressed a general feeling that security and assurance concerns will be addressed in the future. Information security, testing and assurance, data ownership and custodian responsibilities, and international data privacy all demonstrated a higher level of future confidence that they will be resolved.
Cloud user-supplier relationships (which included the credibility of suppliers, the longevity of suppliers, and the glue binding suppliers and users together — the service level agreement) ranked fourth among the eight problem resolution confidence measures. (It is surprising that among these three, there is the highest level of confidence that service level issues are being addressed, whereas the performance monitoring component, which covered monitoring and performing against service level agreements, rated last among the six elements of service confidence.) Credibility and longevity of suppliers ranked 19 and 21, respectively, among the 27 problem resolution statements.
System integration promotes solution effectiveness and efficiency. Implementing cloud without fully integrating it not only into systems so data can be shared, but into IT operations and oversight may leave enterprises at risk. Stand-alone solutions often do not provide the accumulative benefit that comes when individual parts come together in a collaborative solution. This increases the risk that the full value of the solution may not be obtained.
Solutions that are not integrated into IT operations, business unit processes, or the overall governance structure for IT may provide multiple opportunities of lost benefits and increased opportunities for greater cost and potential exposure to security and resilience failures. There appears to be little confidence among those participating in this study that cloud is effectively integrated into the established procurement process or that systems and cloud solutions are being effectively integrated (2.23).
Users and suppliers differ in expressing confidence that provider credibility is being addressed. Suppliers rated it 15 on the list of 27 problem statements being addressed while users rated it 21.
Within user organizations, differences are seen among workers in business units, information security and information technology departments. In every one of the security and assurance items, except for testing and assurance, security personnel are less confident that issues are currently being addressed. The difference in ranking among business, information security and IT participants is especially striking for the concerns for multi-tenancy item. The information security personnel who participated in the study displayed considerably less confidence than business and IT professionals that those problems are being solved.