I recently wrote a story about what some folks in the cloud industry see as the biggest issues holding back adoption of cloud computing. Topics like process, security and data integration all came up. But all those people are from the vendor side of the house.
Recently, I had a chance to go to a customer event hosted by SunGard Availability Services in Austin, Texas where a couple dozen CIOs shared their thoughts about where the cloud industry is and what they would like to see from it. Many of these CIOs are open to using the cloud, but they have some concerns. Here are some of the top apprehensions about the cloud in general that I heard:
The Hotel California effect - you can get data in, but it can never leave
One concern that was reiterated a number of times was around end of life care for data and the exit strategy customers should consider. It's pretty easy to get data up into the public IaaS cloud, but what happens when your contract is done? How can customers be guaranteed that the data is completely wiped from your cloud provider's hardware? Some others in the audience said this can be accomplished by negotiating into your service level agreement (SLA) proof that data has been wiped from discs. Is that realistic? It seems like it would depend on your provider and how big of a customer you are.
Another CIO who works in the health care industry brought up the point that even if your cloud service provider is compliant with some security standard, it doesn't mean that your cloud deployment will automatically be compliant as well. Providers like Amazon Web Services and Verizon Terremark say their clouds can be complaint with health care (HIPPA), financial (PCI) and government (FISMA) standards. But, a provider devoting the resources to prove out the compliance to auditors and having a customer architect their own solution to those standards are two very different things.
NSA and Nirvanix will haunt the cloud for the foreseeable future
For all the great stories we hear about cloud successes, people seem to latch on to and remember the bad stuff a lot more. Revelations that the NSA may have access to "backdoor" information from cloud service providers is a point of concern for some potential cloud users. Whether that's a legitimate concern or not, it was raised by at least one user. Nirvanix shutting down its operations is another black-eye for this industry and one that will be prime example No. 1 whenever someone wants to point to a cloud company going belly-up. Can the industry get past these issues? Most likely, but they'll always stick around to some degree.