Despite the hoopla surrounding cloud computing, almost half of U.S. IT managers are still wary of using cloud computing services within their own operations, according to the results of a survey released Wednesday by the Information Systems Audit and Control Association (ISACA).
In the ISACA IT Risk/Reward Barometer, an online survey that attracted 1,809 responses from ISACA members, 45 percent of the participants indicated that the risks of cloud computing outweigh the benefits.
Moreover, only 10 percent of the respondents planned to use cloud computing for mission critical services, and 26 percent had no plans to use cloud computing in any form whatsoever.
As with any new model of IT services delivery, IT managers will take some time to become familiar and comfortable with cloud computing, said Robert Stroud, international vice president of ISACA and a vice president of IT service management and governance for CA. He noted outsourcing faced the same suspicion when it was introduced to IT managers.
Although the survey did not specify what risks are associated with cloud computing, Stroud said that most IT managers worry about keeping data private and secure in a cloud setting. They also worried what would happen to the data should the cloud service provider go out of business.
Cloud service providers could do more to ease these worries by offering more information around their internal security and privacy procedures, Stroud said.
"Transparency is a key aspect of risk management," Stroud said. For cloud providers, "if you have effective governance in place, transparency should not be an issue. In fact, it should be a competitive advantage."
Analyst firm IDC predicts that cloud services will generate US$44.2 billion by 2013.
Like any Web-based survey, the results should be generalized only with some circumspection. Participation was voluntary and limited to existing ISACA members. ISACA is an organization dedicated to setting standards for information systems governance, control, security and auditing. So its audience might tend to be more cautious than most IT workers. Also, the results are confined to U.S. participants.
Last month, ISACA released results from a similar survey of U.K. members from Europe, the Middle East and Africa, who seemed more enthusiastic about cloud computing. In that survey, only about 25 percent said that the risks outweighed the benefits.
Among other findings in the U.S. survey, 79 percent of the respondents said that they plan to invest just as much or even more in risk management in 2010 as they did in 2009.
In general, risk management involves practices such as protecting confidential work data, using only approved software and services and making sure employees understand IT policies, according to ISACA.