Most business IT infrastructure will be in the cloud within five years, according to panellists debating the security risks of cloud computing at Infosecurity Europe 2010 in London.
Lack of transparency, not security, is the biggest issue preventing many organisations from moving to cloud computing, said Jim Reavis, executive director of the Cloud Security Alliance (CSA).
Without auditor sign-off on transparency, this means many early adopters of cloud computing are taking on the risk personally, he said.
But Reavis predicts this will soon change as service providers respond to demands from businesses, which will be forced to move to cloud computing or at least software-as-a-service by "brutal economics."
Eli Lilly is the poster child for the extraordinary savings and return on investment that can be achieved using a cloud computing model, said Paul Simmonds, board member of security user group the Jericho Forum.
"By hiring 130 servers from Amazon, the company was famously able to complete a number crunching exercise in a single day for less than $100, instead of taking weeks at a cost of more than $100,000," he said.
But in this case the risk was low as it was purely a number crunching exercise that did not involve any personal information, said Simmonds.
"It always comes back to making a risk-based decision," he said.
The turning point will come, said Reavis, once the industry has agreed on a scalable way of providing the necessary assurances in the cloud environment to mitigate the risk.
With various cross-industry initiatives in the pipeline on assurance standards and interoperable identity management, Reavis said this could happen sooner than many people think and business should be preparing for this inevitable change driven by economics.
Both Reavis and Simmonds agreed that the cloud computing model could achieve critical mass within five years, but with the cyclic nature of the industry, there is also the chance there will be a tip back, said Simmonds.
Reavis believes five years is a realistic estimate because of the "compelling economics", and says it may even be sooner if the industry can move quickly to build confidence in emerging standards.
"By 2020, everything is likely to be in the cloud because few organisations will be able to afford to run decoupled, private cloud environments," he said.