Close to half of U.S. IT professionals say that the risks of cloud computing outweigh the benefits, according to the first annual ISACA IT Risk/Reward Barometer survey.
Security professionals are increasingly interested in cloud computing because of its potential to deliver lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency and pay-as-you-go services. Analyst firm IDC says that cloud services will outpace traditional IT spending over the next five years and will represent $44.2 billion by 2013.
Yet, IT professionals see risks in entrusting information assets to the cloud, according to the survey of 1,809 US IT professionals who are members of ISACA. The IT Risk/Reward Barometer found that only 10 percent of respondents’ organizations plan to use cloud computing for mission-critical IT services and one in four (26 percent) do not plan to use it for any IT services.
Consistent with this attitude is the appetite for overall IT-related risk in 2010. In the face of continued economic uncertainty and despite the potential to drive greater rewards, more than three-quarters of those surveyed believe that projects should offer the same or lower level of risk in 2010. Similarly, 79 percent will invest the same amount or only slightly more in risk management and compliance in 2010.
The risks and rewards of cloud computing are examined in the ISACA white paper, Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives. The paper is a collaboration between ISACA and the Cloud Security Alliance and is available as a free download at www.isaca.org/cloud.