Cloud Security, Compliance Concerns Overshadow Enterprise Deployments

Large enterprises looking to move some or all of their IT infrastructures to third-party cloud providers have taken pause when it comes time for action due to concerns about moving data that they are responsible for to an infrastructure out of their complete control. After all, it’s still the Wild West out there when it […]

Written By: Jessica Davis
Mar 16, 2010
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Large enterprises looking to move some or all of their IT infrastructures to third-party cloud providers have taken pause when it comes time for action due to concerns about moving data that they are responsible for to an infrastructure out of their complete control.

After all, it’s still the Wild West out there when it comes to the cloud, and while analyst firms are forecasting that much more computing will move to the cloud over the next several years, there’s plenty of work to be done to get it there. And not just infrastructure building and technology work. Setting up company policies on procurement of cloud services, establishing security standards and meeting regulatory requirements will become important components of any cloud migration plan.

Executives at outsourcing matchmaker TPI told Channel Insider that another factor comes from regulations such as Sarbanes-Oxley that have changed requirements for how publicly held companies must keep and report certain data. Those requirements add another layer of contractual complexity to the cloud, according to executives at TPI.

“Some of the new providers don’t understand the policies that big enterprises need in place for Sarbanes-Oxley,” said Tom Lang, a partner and managing director at TPI. To meet their requirements they are looking for providers who have passed a SAS 70 audit.  

Lang and Tom Young, another partner and managing director at TPI, told Channel Insider that CIOs at public companies must ensure that their cloud providers follow specific security and authentication rules and that those must be spelled out in the cloud contract. But newer providers of public cloud services, such as Google and Amazon, are in unfamiliar territory with customer requirements of this nature and haven’t baked that language into contracts yet, according to Lang and Young.

More traditional vendors who understand those concerns, such as HP, don’t have the same kind of commitment to making cloud services work because it may be disruptive to their legacy businesses. That could leave enterprises out when it comes to making a big jump to the cloud bandwagon in the near future

And there’s also a question as to whether cloud solutions are actually money-savers at all for big companies.

“Clients are asking us to evaluate cloud solutions,” said Young. Those clients want to know if such solutions really will make economic sense in their particular situations.

Plus, there continue to be concerns about security. Plenty has been written about the cloud and the security challenges it presents to IT organizations.  

McAfee has introduced a new cloud security program aimed at SAAS providers. And cloud computing was one of the hot topics at RSA’s recent conference.

“When the cloud becomes much more economically viable, you’ll find more people looking to solve its security problems,” Young said.

But just because these issues remain doesn’t mean that cloud computing should be totally off limits for all enterprise companies.

“The thing we are trying to caution people on is to understand the absolute risk,” Young said. That means looking at the relative risk of a cloud solution when compared to a classic solution. Is it really less secure? A classic solution may present more risk in some areas but less in others, for example.

“If more desktops were in the cloud today, it would be a lot less risky than all of us walking around with our hard drives,” Lang said.

 

Recommended for you...

Backblaze CEO on GTM Strategy & AI Demand on M&E Datasets

Backblaze CEO on record growth, AI and M&E wins, and how new products and partnerships are driving enterprise cloud storage adoption.

Jordan Smith
Aug 13, 2025
MetTel to Modernize Communication Lines for VA

MetTel secures a $54M contract to modernize 15,000 VA phone lines across 1,875 locations using its POTS Transformation solution, enhancing reliability and performance.

Jordan Smith
Aug 8, 2025
Stibo Systems Launches New AI Capabilities Across Portfolio

Stibo Systems unveils AI-driven MDM tools to reduce manual work, boost data accuracy, and accelerate operations for global enterprises and partners.

Jordan Smith
Aug 7, 2025
Galactic Advisors Wins Credential-Free Assessment Patent

Galactic Advisors patents a user-activated, credential-free pen testing tool, boosting MSP security with risk-free, forensic-grade assessments.

Jordan Smith
Aug 6, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.