Larry Bonfante, CIO of the United States Tennis Association (USTA), on the other hand, is among those IT leaders who are cautiously moving to the cloud. From a security standpoint, his greatest concern is protecting consumer data-a tall order given that, for example, approximately 80 percent of tickets for U.S. Open matches are purchased online. He isn't ready to let those transactions happen in the cloud yet because he is not convinced that all the technological pieces are in place to do it securely. But he feels differently about his back-end financial and reporting systems.
He's moved all internal back-end systems to the Amazon Web Services platform, believing that Amazon's security resources will supplement those of his own organization. Bonfante says the benefits include lower costs and fewer servers for his IT staff to baby-sit, which has allowed him to deploy new solutions more quickly. He says the cloud has also reduced the USTA's carbon footprint: Less on-site hardware means less energy is used to power the IT shop.
Before cloud computing can become universally accepted as a secure option, a few things have to happen, says Ken Pfeil, CSO for a large mutual fund company in the Boston area and formerly CSO for financial companies Capital IQ and Miradiant. (Pfeil spoke for himself and asked that his current company not be named).
First, he says, security experts must come up with more specific guidelines for which kinds of data are acceptable to store in the cloud, be it customer information or intellectual property. He also wants clarification from regulatory agencies such as the Securities and Exchange Commission as to how financial reporting controls should work in the cloud.
He's not satisfied that those questions have been answered, especially when it comes to the kinds of financial data that can go to the cloud. Therefore, his company is avoiding it for now.
Keeping Tabs on Business Partners
You still have a choice as to whether to trust cloud vendors to manage your data. Your relationship with business partners is more complicated.
Survey respondents are somewhat more concerned than they were last year that their own security is threatened because the security of business partners and suppliers had been shaken by the recession. More than three-fourths (77 percent) of respondents agreed that their partners and suppliers had been weakened by the recession, up from 67 percent a year ago.
"Companies are increasingly dependent on third parties whether they like it or not, and those partners need access to your IT infrastructure and your data," Lobel says. "That's tough when times are good and scary when times are bad." Facing their own business problems, third parties need to cut costs just like you do, and they may slash security controls in the process, he says.
Sign up for Computerworld eNewsletters.