1. Government Regulations Not Keeping Pace With
The Market
The survey said that businesses must pay
significant amounts of money to meet regulatory requirements, while putting up
with the limits regulators place on tech innovation. It's critical for
government and regulators to adopt a regulatory stance that enables, rather
than limits, adoption of the cloud.
"Right now government regulations in
countries around the world are in their infancy," Santos said. "When
it comes to cloud standards, development organizations are working hard to
determine cloud and security issues. But a lot of it hasn't really been
covered."
2. Exit Strategies
Many issues that arise in the business world also
affect companies interested in working in the cloud. Among such issues worrying
cloud users or those considering working in the cloud is having a strategy to
end a relationship if a cloud partner falters.
"How do you terminate a relationship with a
cloud provider?" Santos asked. "How do you get out of that
relationship? If you can't get out, you may be stuck with [unworkable]
contracts or SLAs."
3. International Data Privacy
A slew of differing privacy requirements and laws
around the world addressing how data needs to be protected represent real
concerns for cloud users, the survey said. Multiple regulations can represent
maddeningly complex requirements for businesses.
"For one example, if you work with a cloud
provider and it has a subcontractor in the U.K., how does that impact the
privacy of your data?" Santos asked. "You're going to have to
indicate when the data is shared and how it's used by a third-party provider in
the cloud."
4. Legal Issues
Cloud users face worrisome legal issues arising
from the new cloud business model.
"You'll have to figure out how legal issues
impact your choices going to the cloud," Santos said. "Dealing with
break notification issues, for example, if your provider is in California and
you are in Texas, you need to figure out how that provider is going to meet
break notification requirements. You need to see how those issues are
addressed.
"Data privacy laws in the EU are different
than in the U.S.," he added.
5. Contract Lock-In
Cloud users are growing increasingly
uncomfortable with long-term commitments in the cloud as changes occur so
frequently.
Businesses are wary that their cloud model may
change while they are stuck with contracts.
"The business models may change, so if you
buy in for reason X and later they are no longer providing that service, what
happens next?" Santos asked.
6. Data Ownership And Custodian Responsibilities
Cloud users may enlist cloud providers that have
third-party partners that provide services. But who owns and who is responsible
for the users' data? These issues need to be addressed in SLAs.
"People still need to understand the flow of
their data through these complicated cloud services," Santos said.
"Who is responsible for what? And if the data breaks, who is going to be
responsible and who pays customers if there is a lawsuit?" Santos asked.
7. Longevity Of Suppliers
In a new, rapidly changing market, users worry
that they will lose partners, suppliers and other business associates.
"A lot of these cloud solutions are fairly
new, so if users are looking at putting the crown jewels of information in the
cloud, how can they determine if the solution's going to be around?"
Santos asked.
8. Integration Of Cloud With Internal Systems
"Businesses want to go to the cloud, but
they have legacy systems," Santos said. "How do you integrate existing
systems and processes to the cloud?"
A good example is the health-care industry, with
an abundance of critical systems and devices that need to be maintained
on-premise, and therefore hold back cloud adoption, he said.
9. Credibility Of Suppliers
"With a lot of new solutions, are they all
trustworthy and do they have a track record?" Santos asked. "To find
trusted suppliers in the space, focus on which ones have the credibility."
10. Testing And Assurance
Many of the concerns with the cloud listed by the
survey respondents are being addressed by the Cloud Security Alliance, the
ISACA, and many other organizations.
"There are not a lot of standards and
certifications out there now," Santos said. "But work is being done
to try to address standards like HIPAA, SOX 1 [the Sarbanes-Oxley Act, which
determines which corporate records are to be stored and for how long], and SOX 2.
We are working so people can understand what is needed to ask their cloud
provider."
Source www.crn.com
No comments:
Post a Comment