A survey conducted by Applied Research for Symantec Corporation between April and July 2011 and released October 2011 has found that Security still remains as one of the top concerns when it comes to moving to the cloud. Although it is a top concern, the survey also revealed that it is also a top goal for those same respondents.

On October 4, 2011 Symantec Corp announced the results of its 2011 State of the Cloud Survey. This much anticipated survey is one of the largest cloud surveys of its kind with findings based on 5,300 responses from information technology and C-level professionals responsible for computers, networks and technology resources at both small- and medium-sized businesses and enterprise organizations from 38 countries worldwide. That survey examined many factors that organizations are dealing with in migrating to the cloud-computing model.

Based upon the results of this survey, a majority of organizations have mixed feelings when it comes to security and in fact rank it as their number one concern and top goal of moving to the cloud. In addition, the survey also revealed that their internal technology departments are not currently ready for the move.

Francis deSouza, group president, Enterprise Products and Services for Symantec Corp said, "These survey results reinforce what our customers are telling us. Security is one of their top concerns when it comes to moving to the cloud. To be confident in the cloud, IT organizations must take measures to ensure they have the same visibility and control of their information and applications whether they are in the cloud or residing on their own infrastructure."

"While computing changes constantly, most shifts are simple changes that don’t require organizations to change the core of how they work. Not so with cloud computing," Symantec said. "It requires organizations to change how they approach IT."

Surprisingly, 87 percent of those surveyed indicated that they expect that moving to the cloud will actually improve security. However, achieving security for cloud environments is also a top concern for these organizations, which cited potential risks including malware, hacker-based theft and loss of confidential data.

A minority of those surveyed, under 18 percent, rated their staff as extremely prepared for the transition to the cloud. Nearly half indicated that their internal technology staff is not ready at the present time.

The survey pointed out that the reason for this readiness shortfall is attributable to lack of experience, as only one in four (25%) of internal technology teams have any cloud experience. As a result most organizations engage outside consultants for help in deployment, migration and training.

Seventy-five percent of those surveyed indicated that they have turned to value-added resellers (VARs), independent consultants, professional service organizations or systems integrators when deploying hybrid infrastructure or platform-as-a-service (PaaS) models on the cloud.

Of those surveyed, few have actually deployed full cloud platforms throughout their entire organizations, but nearly three out of four (73%) have adopted or are adopting some form of cloud service, with security services leading the way.

The survey revealed that the top services companies are adopting on the cloud include:

• E-mail;
• Security management; and
• Web and information management security.

Some high level recommendations from the survey include:

• Take the lead in embracing cloud computing. Internal technology needs to take a proactive role in embracing the cloud. Too many organizations today are taking a slow, methodical, conservative approach to moving to the cloud. As an internal technology leader, you should maintain control of important aspects such as security, availability and cost. That is hard to do unless your staff has received the proper training and preparation.
• Set information and application tiers. All of your information and applications are not created equal. Perform an analysis and place your information and applications into tiers to determine what you feel comfortable moving to the cloud.
• Assess your risk and set appropriate policies. Assure that authorized users can only access critical information and that critical information doesn’t leave the company. You should also make sure cloud vendors meet your compliance requirements. Finally assess potential cloud vendors for operational issues such as high availability and disaster recovery abilities.
• Get started now. You don’t have to take an all-or-nothing approach to cloud computing. Leveraging cloud services is an easy first step to moving to the cloud. While it may take time to prepare to move business-critical applications, you can start immediately with simpler applications and services."

View a complete copy of Symantec's 2011 State of Cloud Survey (PDF).

For additional resources from the AICPA, check out:

• Cloud Computing and Privacy
• TechByte
• Cloud Computing

James C. Bourke, CPA.CITP.CFF, is director of Firm Technology at WithumSmith+Brown. He is a past president of the New Jersey Society of CPAs and currently serves on AICPA Council and is the Chair of the AICPA CITP Credential Committee. Accounting Today has continually named him as one of the Top 100 Most Influential People in the Profession.