Security Think Tank: UK firms still not entirely comfortable with cloud

Hybrid cloud environments provide the most flexibility, but how can businesses decide when public or private cloud is more appropriate?

Now that cloud adoption is a matter of "how?" and "where?" rather than a hesitant "should we?" for most, expectations of both benefits and challenges are settling to realistic levels.

The Corporate IT Forum’s 2013 Cloud Computing and Services survey revealed the average organisation as having, or considering, a private cloud implementation, but also assessing the potential of public cloud where and when appropriate. 

Whether using or evaluating third-party infrastructure, the outcome was most likely to be a hybrid approach with on-premise capabilities.

Operational services were the focal area for initial implementations, with mobile cloud/enterprise mobility and hosted collaboration/communications areas of interest for assessment and further research.

Security – particularly long-standing concerns about data security – prevailed as a challenge, but with the survey in its fourth year it was noticeable that technical integration/re-engineering issues topped the perceived challenges list (74.2%). Identity and access management (IAM) shared second place with contract terms and conditions, followed by data and information security (67.7%).

The numbers might be marginal, but suggest enough organisations are making sufficient progress with security challenges for earlier fears to be subsiding. 

IAM remains a major challenge, however, particularly with the adoption of cloud-based email systems. It requires taking key decisions around using integrated log-on requirements or coming back through the firewall and linking back to the organisation’s Microsoft Active Directory, for example.

Storage for collaboration has become much easier, with forum members recommending products such as ShareFile, Skydrive Pro and the enterprise version of Box. The latter's US-only data location may prove an issue for some, but “federation/single sign-on, shared folder management though groups and very easy external collaboration puts the service above a casual Dropbox user”, according to one member.

Putting confidential or customer data in the cloud remains a no-go for the majority, with location, legislation, third-party access, portability, reversibility and supplier liability – and viability – ongoing concerns.

Benefits realisation and ways of resolving challenges will be discussed by corporate IT practitioners at The Corporate IT Forum's annual Cloud Conference on 27 March 2014.

Ollie Ross is head of research at The Corporate IT Forum.

Read more on Cloud security