"Government regulations keeping pace with the market," "exit strategies," and "international data privacy" were found to be the top three areas where organizations have the lowest confidence in cloud computing.
The findings were based on the first global survey jointly conducted by non-profit organizations ISACA and Cloud Security Alliance (CSA) on 252 participants in 48 countries, representing cloud users, providers, consultants and integrators from 15 industry segments.
In the "Cloud Market Maturity study," those who identified themselves as cloud users (85%) were asked to rank on a scale of zero to five a number of considerations in cloud computing, with zero being the least confident. The following shows the top 10 issues that cloud users have (ranked from least confident to most confident):
- Government regulations keeping pace with the market (1.80)
- Exit strategies (1.88)
- International data privacy (1.90)
- Legal issues (2.15)
- Contract lock-in (2.18)
- Data ownership and custodian responsibilities (2.18)
- Longevity of suppliers (2.20)
- Integration of cloud with internal systems (2.23)
- Credibility of suppliers (2.30)
- Testing and assurance (2.30)
"One of the most interesting findings is that governance issues recur repeatedly on the list of the top 10 concerns. Cloud users recognize the value of this [cloud computing] model, but are wrestling with such questions as data ownership, legal issues, contract lock-in, international data privacy and government regulations," said Michael Yung, past president of ISACA Hong Kong Chapter.
"I am aware that in one of the worst cases, a cloud service user has lost its data completely as a result of vendor lock-in." — Antony Ma, chairman, CSA Hong Kong & Macau Chapter
"Government regulations keeping pace with the market" refers to data jurisdiction requirements, Yung said. Some of the common issues include whether a company's data can be stored outside of Hong Kong, and whether their data will be viewed or obtained by other governments. Some enterprise cloud users are also concerned about the performance of utilities like power availability, in certain countries where their cloud service providers operate their facilities in.
Concerning exit strategies, the survey respondents were keen to know whether it is easy for them to exit a cloud service and migrate their data from one cloud service provider to another, should they become unsatisfied with the existing cloud service.
As for contract lock-in, survey respondents in Asia did not see this as significant a problem in terms of being addressed as do their counterparts in Europe or North America. However, Asian participants have less confidence that exit strategies are being addressed when compared with European or North American participants.
"Vendor lock-in does not necessarily mean that a cloud user will be stuck with a cloud service provider," said Yung. "Rather, it often requires the cloud service user to go through complicated procedures to retrieve the data [from a proprietary cloud-based service.] For example, one needs to spend the cost of writing a software, exporting the data, and importing the data to a new system."
Sign up for CIO Asia eNewsletters.