It's a tidal wave that's going to engulf us all within the next five years. Cloud services will be a $160 billion industry by the end of 2011" (Ginovsky 2011, 21). Although the decision to transition from a traditional approach to cloud computing will depend on each organization's unique circumstances, a number of general benefits have been cited for those companies that have made the partial or complete transition to cloud computing, including the following:

1. It reduces cost in the organization.

2. It does not require additional hardware.

3. It does not require additional resources.

4. Time to market is quicker.

5. It is a way to implement cutting-edge technology without the cost that is associated with it (Ginovsky 2011, 21).

Other authorities have also weighed in on the benefits that can be attained by switching to cloud computing, with some of the potential benefits that can accrue to its deployment including those set forth in Table 1 below.

Table 1

Potential Benefits of Switching to a Cloud Computing Environment

Benefit

Description

Quick implementation process

Most vendors claim their applications can be up and running in a few minutes because there is no software to install. The implementation process also is easier for companies with multiple locations or remote workers to all have access to the same version of the application simultaneously.

Anytime access from anywhere with an Internet connection

Includes the ability for employees to work remotely.

Lower upfront costs

Rather that paying a license fee and for annual maintenance, most cloud-computing models allow users to pay as they go (usually monthly, though some require annual contracts). They can pay per user and easily add more users. Vendors can offer their products at a lower cost in this situation because their systems are built to allow several customers to share infrastructure (both servers and storage areas) in a way that is transparent to users and does not allow those customers access to each other's data. It may be difficult to conduct a cost comparison of doing business on-premise vs. In the cloud unless a company has moved all its business off-premise. Some companies may outsource services such as their e-mail and/or infrastructure support, but still manage their core applications. Upfront costs include the cost of hardware and IT employees that no longer required to remain in-house.

Little or no hardware or maintenance costs

The vendor has responsibility for maintaining the software and servers. In an on-premise environment, the customer pays for the hardware, storage space and IT personnel to maintain the system in addition to the software. In a cloud environment, the vendor fronts those costs, so a larger percentage of the total cost of ownership by the customer shifts away from hardware and people and toward software. Some industry analysts estimate the break-even point of leasing vs. buying the software at about three years.

Source: Defelice 2010, 51

While the experiences of any given business will likely differ, many industry analysts suggest that a primary benefit of switching to cloud computing relates to cost savings. Even though it takes about 3 years for the average enterprise to recoup its initial investment in the switching costs to cloud computing, the increased efficiency and other benefits that have been shown to accrue to cloud computing make the investment worthwhile over the long-term (Defelice 2010, 52). The decision to make a partial or complete transition to cloud computing, though, also requires a careful assessment of a company's unique circumstances, but some general factors that should be taken into account on a case-by-case basis include the following:

1. Reduced support costs. Rather than having to employ in-house experts for product support, the vendor typically provides support directly for the customer.

2. Reallocation of resources. IT staff can be reallocated for more strategic projects, rather than spending time on system upgrades and maintenance.

3. Easier and more regular upgrades. Vendors can regularly tweak their products. In many cases, those enhancements are made automatically in the background without disrupting the customer's work. Most vendors provide advance notice to alert customers about the changes and give them the option of when to turn new features on or off, if they don't like them or aren't ready to upgrade.

4. Disaster recovery and backup capabilities. One of the costs incurred by customers who keep their data on-premise is backing up their data, typically via tape or by contracting a third-party backup provider. This is another area covered by the vendor in a cloud environment. Often vendors have redundant backup systems so that customer data is replicated in a separate data center in case of fire, flood or other disaster. The infrastructure is "self-healing" so that when a failure occurs and the backup becomes the primary source of information, the system launches a new backup instance of the data (Defelice...

In this regard, Werbach reports that, "For example, instead of running local email applications and downloading mail from an ISP to their own hard drives, users can access email through Google's Gmail, a web-based service that stores messages on Google's own Internet-based servers. Instead of running a sales force automation package locally, a salesperson can log into Salesforce.com and access contact and sales pipeline information over the Internet" (2011, 1762).
Other recent trends in cloud computing include those identified in a recent study by DeFelice (2010):

1. An increasing number of applications are available in the cloud. These include, but are not limited to, bill management, enterprise resource planning applications, payroll, sales tax, tax preparation and workflow.

2. Worldwide, revenue from "cloud computing" services is forecast to reach $68.3 billion in 2010, according to analyst firm Gartner Inc.

3. The cloud services industry is poised for strong growth through 2014, when worldwide cloud services revenue is projected to reach $148.8 billion, with the financial services and manufacturing industries being the largest early adopters of cloud services.

4. Benefits of working in the cloud include quick implementation, anytime access, lower upfront and maintenance costs, and easier and more frequent updates.

5. Security and reliability remain top concerns for switching to a cloud environment. There are several questions that should be considered before making an investment in these products to ensure these concerns are minimized (Defelice 2010, 50).

In fact, the cloud computing industry has already reached the $70 billion mark, representing a substantial 16.6% increase over 2009 revenues and all signs predict future consistent growth causing a concomitant increase in concerns over security (Defelice 2010, 50). Although there is no universal definition for cloud computing, there is a growing consensus that the increased use of cloud computing demands increased scrutiny of the potential risks that are associated with this alternative (Werbach 2011, 1762) and these issues are discussed further below.

Risks Associated with Cloud Computing

While all cloud computing applications and their specific potential benefits differ, they all share the common issue of risk. In this regard, Ginovsky emphasizes that, "The current hot topic in business technology is software as a service, or some other form of cloud computing. They all represent leaps forward in productivity, capability and profitability. What they all have and continue to require, however, is an acute focus on and control of risks" (2011, 21). Likewise, Brett Wilson an information technology and compliance for Trust-wave, a company that provides cloud services for merchant banks, emphasizes that like all technological innovations, there are some risks that are associated with cloud computing that must be taken into account in deploying this alternative. According to Wilson, though, "The fortunate thing, though, is that with cloud there are no new risks involved. The worst-case scenario does not change, regardless of infrastructure. The worst-case scenario for any organization around IT security are breaches, the notifications that go along with those, financial loss, reputational damage and regulatory actions that might result" (quoted in Ginovsky 2011 at 22).

Based on his analysis of current trends in cloud computer, Givonsky identified seven of the most significant cloud-computing risks that should be considered:

1. Increased dependency on a third-party provider;

2. Loss of control over the physical and/or logical environment affecting data;

3. Loss of availability should the cloud provider have a service interruption;

4. Privacy and legal liability in the event of a security breach;

5. Difficulty defining exact locations of data;

6. Commingling of data; and,

7. Difficulty of protecting trade secrets (Ginovsky 2011, 22).

Beyond the foregoing, other specific threats have also been associated with cloud computing including the following:

1. Abuse and nefarious use;

2. Insecure application programming interfaces;

3. Malicious insiders;

4. Shared technology vulnerabilities;

5. Data loss or leakage;

6. Account, service and traffic hijacking; and,

7. Other, unknown risks (Ginovsky 2011, 22).

Some of the precautions that businesses can take when making the switch to a cloud-computing environment from an on-site approach have been formalized based on the National Institute of Standards and Technology's (NIST) two working documents, the first of which provides an operationalization of the term and a second that sets forth timely guidelines concerning security and privacy issues that are involved in public cloud computing (Ginovsky 2011, 22). Among the major points of the…