Security and Compliance Holding Back Public Cloud Market

February 24, 2011

When IT professionals and expansion stage technology executives discuss cloud computing, a mix of excitement and dread emerges for the IT professionals.

They express excitement because the cloud presents a great opportunity for IT departments to offer self-service with better utilized resources to their clients. The cloud market’s projected growth in 2011 points to widespread adoption. According to global market research firm Gartner, revenue from cloud services in 2011 is expected to be $83.1 billion, up from $68.3 billion last year.

But IT managers express dread because cloud adoption puts them under pressure to deliver. And implementing a true cloud computing environment is very difficult. That implementation becomes even more difficult when companies take into account security and compliance policy.

Those are two of the biggest issues holding back the cloud market. A 2010 survey by Forrester Research revealed that 64 percent of IT bosses still have concerns about the security of the public cloud. The private cloud doesn’t face as much skepticism, with Forrester’s survey revealing that 25 percent of IT managers made building a private cloud a top priority last year.

I recently spoke with a collection of IT managers who have experienced the process of implementing both public and private cloud computing capabilities. I was curious how they decided what to put on the private cloud and what to place on a third party public cloud.

Was it economics? Was it ease? Most of the time, it was neither. Instead, their decision was based on data security and compliance, implicitly or explicitly.

For example:

  • If application A works with data set X and that data set is extremely sensitive, then both would stay in-house, regardless of economics.
  • By contrast, if application B works with data set Y and it’s less sensitive, then both can reside in a public cloud environment to be accessed via browser or VPN.

Many times, the distinction of sensitivity and what should or shouldn’t be placed in the public cloud was driven by the compliance department, not the IT manager.

Regardless, CIOs and IT managers have made it clear that they would move more of their applications and data to public cloud providers if compliance and security didn’t stand in the way. CIO Magazine recently revealed statistics from a study completed by the Ponemon Institute (in partnership with CA Technologies) that spoke to those concerns.

According to the study, only 33 percent of the more than 900 respondents expressed confidence that their data assets are secure in the cloud. But here’s the good news for cloud providers: only 56 percent of those same respondents expressed confidence in the security of their on-premise alternative. The bottom line is that if cloud providers can improve security and compliance, there is clearly an enormous opportunity available to them.

A number of consultants and industry analysts in the cloud computing markets have indicated that over time public cloud providers will overcome those concerns, and enterprise compliance departments will become more comfortable with the idea of sensitive data in the public cloud, driving more widespread adoption.

For instance, Amazon reached PCI Level 1 compliance. For those unfamiliar with PCI DSS (the Payment Card Industry Data Security Standard), it’s a set of security requirements that ensure companies process, store, and transmit sensitive data in secure environments. Amazon was wise to reach PCI Level 1 compliance and I’m sure more companies will follow.

Gaining an Edge

The public cloud providers who achieve various levels of compliance and security will have a strong competitive advantage, at least in the short term. Those that provide thought leadership in the space can potentially make that advantage last longer.

As the adoption of the public cloud grows, there will be significant opportunities for start-up and expansion stage software companies to help public cloud providers achieve compliance with various standards and provide better data security.

If your company’s long-term goal is acquisition, keep this in mind, too: Large tech companies recognize those opportunities as well and will most likely look to purchase niche cloud security and compliance players that can help them tap into that market.

Igor Altman is Senior Director of Product Management at Medidata Solutions (https://www.mdsol.com/en/), a leading global provider of cloud-based clinical development solutions that enhance the efficiency of customers’ clinical trials. Prior to Medidata, he worked at OpenView focusing on new investments in the IT space.