Security and compliance holding back public cloud market
December 24, 2010
When I speak with IT heads at various organizations about cloud computing, regardless of their size, they express a mix of excitement and dread. They express excitement because the cloud presents a great opportunity for IT to offer self-service with better utilized resources to its clients. They express dread because they’re under pressure to deliver, and implementing a true cloud computing environment is very difficult.
It’s especially difficult when you start taking into account security and compliance policy.
I recently spoke with a number of IT managers who already implemented cloud computing, both public and private. I asked them how they decided what to put on the private cloud and what to put on a 3rd party public cloud.
Was it economics? Ease?
Most of the time, the answer was no. Instead, it had to do with data, implicitly or explicitly. If application A works with data set X, and data set X is extremely sensitive, application A and data X stay in-house, regardless of economics. If application B works with data set Y, and it’s less sensitive, both can reside in a public cloud environment to be accessed via browser or VPN. And many times, the distinction of what was okay and not okay for the public cloud was driven by the compliance department, and not the IT manager.
These managers made it clear that they would move more of their applications and data to public cloud providers if compliance and security was not in the way.
A number of consultants and industry analysts in the cloud computing markets indicated to me that over time public cloud providers will overcome these concerns, and enterprise compliance departments will become more comfortable with the idea of sensitive data in the public cloud, driving more adoption.
Indeed, two weeks ago Amazon reached PCI Level 1 compliance. And I’m sure there’s more to come.
The public cloud providers who achieve various levels of compliance and security will have a strong competitive advantage, at least in the short term. Those that provide thought leadership in the space can potentially make that advantage last longer.
As a venture capital investment fund, OpenView Venture Partners continues to see opportunities for start-up and expansion stage software companies to help public cloud providers achieve compliance with various standards and also provide better data security. Large tech companies see the opportunity as well and are looking to purchase niche cloud security and compliance players.