Much attention has been devoted – in Financial Director and elsewhere – to the business benefits of cloud computing, where the internet cloud is used as a platform for delivery of services from a third-party provider. More and more people are casting doubt whether these benefits can be real and the transition of some services into the cloud is at least somewhere on the technology agendas of most organisations.
However, despite the hypefest around cloud, a recent poll of 100 UK finance directors and chief financial officers highlights a reluctance from finance to shell out for cloud technologies unless a provider can present strong proof that customer data will be safe and always available.
In fact, the study, conducted on behalf of business continuity adviser SunGard Availability Services, suggests FDs are rightly much more concerned about security than, well, finance. It seems that three times as many CFOs are looking for “a solid record of resilience and protecting of a customer’s data” rather than “impressive RoI” when selecting a cloud provider.
The research found that concerns over data protection and resilience are the most common factors in holding CFOs back from entrusting their organisations’ data to third-party cloud providers. Only 15 percent say they are happy to outsource all of their data. More than half (56 percent) cite fears around the security of sensitive customer or commercial data in outsourcing IT infrastructure to a third party.
Unsurprisingly, core financial accounting systems top the list of applications CFOs would least want to move into the cloud or outsource (37 percent), compared with 13 percent who are reluctant to operate their whole corporate website from the cloud. The survey also suggests that it could be some time before the majority of datacentres are no longer managed in-house. Almost three quarters of CFOs said they would like to remove datacentres from their organisation’s balance sheet, yet only a quarter of those surveyed think this is likely to happen over the next five years. This is exactly as it should be. Given the fact that data is the lifeblood of almost any company operating today, and that the wonders of digital technology mean that this data can be lost in less than the twinkling of an eye, their caution is well placed.
Much was made of the effect WikiLeaks could have on government and diplomatic relationships, but the consequences of data breaches can be even more profound for companies. The loss or theft of mission-critical information held by a cloud computing service provider could have a devastating impact on a business in operational, privacy and reputational terms. Other – unfortunately very real – scenarios to avoid include an offshore cloud service provider being forced by legal measures to pass confidential hosted material to a local government.
But it is vital to remember that some clouds are more equal than others. As well as having the ‘public cloud’ available to you – basically, all of the internet – you can choose to fence off a bit of the cloud to operate as a private platform that delivers secure services to a limited number of people, usually from behind a corporate firewall. Such a platform can be either developed in-house or provided by a trusted third party.
It all comes down to the drawbacks: what do you stand to lose? It is true that jumping onto the cloud bandwagon can offer extremely compelling cost benefits, but data security must take precedence over short-term savings, and private cloud architectures can address these security issues. The sobering fact is that gambling with critical data could save you out of business entirely.
Click here to read a finance director’s personal take on cloud computing risk