Leadership

Cloud apps are quietly winning over CIOs, but security still spooks many

TechRepublic polled its panel of IT leaders and asked if cloud computing was funded in their 2009 budgets. See the CIO Jury vote and the comments.

A June survey sponsored by F5 Networks reported that two-thirds of IT departments had dedicated budgets for cloud computing. I was skeptical about that number since the survey did not include any CIOs. Also, based on my conversations with IT leaders on this topic, 66% sounded much too high. Thus, I posed the question to TechRepublic's CIO Jury. And, as I suspected, a significantly lower percentage reported that cloud computing was part of their 2009 budgets.

On September 14, TechRepublic polled its 90-member panel of U.S. IT executives and asked, "Does your 2009 IT budget include any funding for cloud-based applications?" The jury, made up of the first 12 respondents, ruled to the "no" votes with seven, verses five "yes" votes. However, several of the "no" voters also commented that they have plans for the cloud in their 2010 budgets.

TechRepublic's CIO Jury is based on the original CIO Jury concept developed by Silicon.com, where you can find lively opinions from IT leaders based in the UK.

The CIO Jury for this verdict was:

  1. Kurt Schmidt, IT Director of Capital Credit Union
  2. Nicholas Dibble, CIO of BuyOnlineNow
  3. Mitchell Herbert, IT Director of McCormick Barstow
  4. James Riner, CIO of R and R Images
  5. Jeanne DeVore, Head of IT for Chicago Shakespeare Theater
  6. Brent Nair, CIO of Wunderlich Securities
  7. Mark Westhoff, Director of IT for Lincolnshire-Prairie View School District
  8. David Van Geest, Director of IT for The Orsini Group
  9. Shawn Cohen, CIO of Value Line Inc.
  10. Lance Taylor-Warren, CIO of H.A.W.C. Community Health Centers
  11. Chris Brown, Vice President of Technology for Big Splash Web Design
  12. Jeff Relkin, Director of IT for Quadel

Beyond just the 12 members of this week's jury, other members of TechRepublic's CIO panel also responded with comments on this issue. Below is a selection of those comments, divided between the Yes and No camps.

Yes

  • " We license a number of applications that are SaaS in nature, and the number is growing each year." (Chuck Elliott, IT Director for Emory University School of Medicine)
  • " Yes. In fact, cloud based application deployment is a significant component of the manner in which we designed our enterprise architecture, with projects designed to yield cost savings and opportunities for operational efficiency." (Jeff Relkin, Director of IT for Quadel)
  • "We migrated this summer from an in-house consumer loan origination system to a cloud based system.  We'll be doing the same with mortgage loan originations in the next couple of months." (John Gracyalny, Director of IT for SafeAmerica Credit Union)
  • "We have initiatives in progress for cloud-based network security and VoIP phone service." (Matthew Metcalfe, Director of IS for Northwest Exterminating)
  • "We are moving student email to Google Apps (Gmail) for 1500 accounts  at no cost the the school." (Randy Krzyston, Director of IT for Thomas Jefferson School of Law)
  • "It's a big push currently to explore and deploy." (Michael Hanken, Vice President of IT for Multiquip Inc.)
  • "Cloud-based depends on how one defines 'cloud.'  We have, for sure, increased the amount of hosted services and applications accessible only through the Web." (Mark Westhoff, Director of IT for Lincolnshire-Prairie View School District)

No

  • "Not this year and most likely not anytime soon. We see this as a possible solution that needs more time to mature. In my opinion  there remains too many questions regarding security [and] data ownership." (Tom Gainer, CIO of FirstBank Southwest)
  • "We do many proprietary apps and need more security. We will wait and see how the security holds up before we will even think about it." (Paul Vawter, CIO of Ohio Housing Finance Agency)
  • "We are still not sure of the legal ramifications of putting our internal data in the cloud, so this is definitely not something that we will pursue until for a few years." (Ingo Dean, IT Director of EastWest Institute)
  • "No . It is much more difficult to ensure the security of our patients' information when it is kept outside of the organization." (David Van Geest, Director of IT for The Orsini Group)
  • "No. Currently the largest issue with cloud computing is the bandwidth requirements for moving large amounts of data." (James Riner, CIO of R and R Images)
  • " All of our practice management and electronic medical records systems are client/server based and cloud computing is not really something we are looking at.  Also as a 501(c)3, we have deep discounts available for full office solutions, so cloud-based solutions are not that attractive." (Lance Taylor-Warren, CIO of H.A.W.C. Community Health Centers)
  • "We maintain our files and applications within our private network. We have no plans for using cloud-based apps in the near future." (David Wilson, Director of IT for VectorCSP)
  • "No, but we will begin to seriously investigate this for 2010, since it will provide a number of new possibilities in partner based applications, interfaces, and storage or DR capabilities." (Edward Beck, Vice President of IT for Line 6, Inc.)
  • "No. Expecting to include for 2010 budget." (Chuck Codling, Director of Infrastructure for Rocky Brands, Inc.)
  • "No. However, our 2010 budget will. We intend to merge six disparate database systems onto the Salesforce.com platform." (Chris Riccuiti, CIO of Needham and Company, LLC)
See also: Feds launch Apps.gov; Cloud computing players salivate

Would you like to be part of TechRepublic's CIO Jury and have your say in the hottest issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of TechRepublic's CIO Jury pool, drop us a line at ciojury@techrepublic.com.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

14 comments
dwdino
dwdino

for themselves. Look at the companies that voted "Yes". Look at the companies that voted "No". If you pay attention to the companies and the rules by which they are governed you quickly see who "The Cloud" serves. The positive respondents are smaller, unregulated, limited load companies. The risks to them are acceptable for the cost benefits. The negative respondents are larger, regulated, continuous availability entities. The risks are unacceptable in such environment. The "Cloud" as a complete service model is still a toy. There is some low hanging fruit for specific SaaS offerings, but IaaS is a no go. Therefore, if your business model is leightweight, unregulated, and can afford certain loses the cloud is for you. Conversely, if your business model requires compliance with regulation, flexibility, and continuous availability, keep it in the data center.

bsit
bsit

I have several health system clients. Their data is tied up in legal requirements of confidentiality. That alone is an extremely sensitive concern. But what about continuity of access. Any problems with connections, civil disturbance, political games with telcos, natural distasters between you and the cloud, etc. Any of these or more can interfere in access to the apps and data. Then the priority of large to small clients for bandwidth and access. A business could easily be destroyed through any one of these becoming an issue. It would give terrorists and hackers a whole new world of attack surface. The cloud would ALWAYS be behind the attackers in prevention and can only respond once an attack has begun. My clients do not want to be open to such incredibly high risk on so many fronts. Let's pray software companies always allow for stand alone systems and not force users to join the cloud out of a lack of alternatives.

728rwp
728rwp

Anyone who relies on continuous availability of the Internet or the services of one corporation (Google) had better not be doing or storing anything important. This nation and its naive media are about to learn some serious lessons about how vulnerable we are to the most fragile part of our infrastructure.

gary
gary

Cloud computer should not be any scarier than an executive with a notebook or a system administrator with a USB key. The loss of either can mean disaster. Cloud computer is scary but users are going to use it. Therefore, IT professionals have to accept that protection is the goal but mitigation is the reality.

tonycopp
tonycopp

After our server farm trading application solution got sold in April, 2001; it was a no-brainer to go to a cloud application; but not for proprietary data/ internal information. That remained within our firewall. So this question is situation dependent. The cloud cannot be avoided if there is internet access, no?

glenstorm_98
glenstorm_98

Most of this discussion about security (legitimate concern, certainly) seems to me to center around a "public cloud". But cloud technology (really, just a supercharged form of distributed processing) can be used to set up *private* clouds that accommodate an organization's security concerns, while providing flexibility through dynamic (or very rapid) re-sizing, to closely meet their needs. Savings can thereby be realized by purchasing the *right* amount of hardware, rather than over-sizing individual platforms to ensure future needs may be met. Let's not throw out the baby with the bath-water! Am I missing something, here?

hlhowell
hlhowell

Lets take a real step back to the 60's. If you do not remember time shared computing and centralized computing, you need a history lesson. He who doesn't study history is indeed doomed to repeat it. It didn't work then, it won't work now. The net goes down and your whole office is idle until it is back up. A router goes off line and some group of apps don't work. Worse, the hackers can now all concentrate on only a few targets, but on the bright side, so can governments, the IRS, private investigators, the police, the SEC..... I don't know about you, but if I ran a company (I don't) I would lose lots of sleep every night thinking of the many vulnerabilities that this would open up. Regards, Les H

Tony Hopkinson
Tony Hopkinson

A failure to connect to your data and apps over the internet? Have a local infrastructure, all the apps licenses, and your data.... If you have that and maintain it, the cloud has a trivial ROI. Either endpoint goes down, or as proven recently in Iran a critical node in the path between them gets slammed, you are buggered... Better still if the damn thing takes off, there will end up being very few providers. One guy with a backhoe, could take out thousands of businesses.

jemmitt
jemmitt

Jason, I work for a small software company and we use, for example, salesforce.com. But I don't consider our company to be a "cloud computing" organization. Isn't there some distinction between using the odd SaaS based business tool and making the move to a cloud computing model?

glenstorm_98
glenstorm_98

Our company is right now in the process of migrating to a managed hosting model. Part of the migration will just be moving existing equipment, some of it will be into a virtualized environment (depending on the application), and depending the final vendor chosen, a small portion may well go onto their cloud. We're trying to make all such moves intelligently. IT is this company's life blood; without it, we cease to exist *very quickly*. So we're dipping our toes in cautiously, but definitely are interested in it.

Tony Hopkinson
Tony Hopkinson

Security, control and access aren't showstopper issues for an internal cloud. However for that to have an ROI worth the investment, you are talking a lot of kit, people and functionality. The boys selling this stuff are fobbing off security, control, access and reduced functionality as trivial consequences of significant cost savings for any size organisation. As always follow the money.....

glenstorm_98
glenstorm_98

The use of "cloud", like the cloud itself. Is imprecise. It would be helpful to get it nailed down. E.g., is all SaaS considered "cloud"?

jasonhiner
jasonhiner

All virtually all SaaS is grouped into "the cloud" if it is delivered over the Internet.