ISACA recently polled 1809 of its US members in its annual IT Risk/Reward Barometer survey. What the international IT governance association found was that nearly half (45%) of IT professionals who responded felt that the security risks of cloud computing outweighed the would-be benefits.
Drilling deeper into the survey, only 17% of professionals polled felt that the benefits of cloud computing – namely cost savings – were worth the potential security risks. A further 38% felt that the risks versus rewards involved with cloud computing were appropriately balanced.
The survey indicated further uncertainty among IT professionals, as more than half of those who responded said that their organization either did not plan to use cloud computing for any IT services in 2010, or that they were not yet aware of the cloud computing plan. This contrasts with the 15% of professionals who said their organization would employ cloud computing solutions for low-risk, non-mission-critical IT functions, with only 10% saying they would use cloud services for mission-critical services.
But the risks of ‘the cloud’ may not be so dark, at least according to Robert Stroud, who is the international VP of ISACA and VP of IT service management and governance at CA. “The cloud represents a major change in how computing resources will be utilized, so it’s not surprising that IT professionals have concerns about risk vs. reward trade-offs”, he said in a statement regarding the survey results.
“But risk and value are two sides of the same coin”, added Stroud. “If cloud computing is treated as a major governance initiative involving a broad set of stakeholders, it has the potential to yield benefits that can equal or outweigh the risks.”