Summary Bullets:

• Security remains both one of the top barriers to entry into the cloud and perhaps the greatest differentiator for enterprise-class cloud services.
• Though the lack of common industry-wide standards remains a challenge, savvy cloud providers are finding innovative ways to demonstrate their ability to protect customer assets in an on-demand environment.

For understandable reasons, many organizations are wary enough about security today in the cloud to put off enterprise-wide migration plans far into the future.  With the on-demand model still a mystery to many and no clear cut industry-wide standards to establish baseline cloud computing specifications, enterprises are not willing to risk exposing critical assets to the unknown.  In Current Analysis’ 2012 survey on enterprise cloud adoption, security was cited as the single biggest concern associated with moving to a cloud strategy.

Add worries about regulatory compliance and industry mandates to the mix, and many organizations admit the payoff of moving to on-demand service just is not worth the pain right now.  Yet, as legitimate as these worries are, there are some very good reasons for businesses and public sector organizations to take a closer look at some services that are addressing these concerns head on with some fairly stable and comprehensive security controls embedded directly into their services and integrated throughout their operational practices.  In fact, the most industrious enterprise cloud services providers are looking to use their security expertise and controls as fundamental differentiators of their services.

The new ‘healthcare-enabled’ data center and cloud services from Terremark, Verizon’s managed IT services arm, are a case in point.  Terremark is hoping to capitalize on its skill set and substantial portfolio of security and compliance solutions to build a case to healthcare organizations for both its traditional offers and its cloud services.  The provider is willing to guarantee its controls are robust enough to meet HIPAA/HITECH security specifications, offering customers a very attractive incentive to consider its services.

Are security concerns keeping you from moving forward with cloud deployments?  What kind of guarantees are you looking for from your providers?  If you are moving forward with your plans, are providers meeting your expectations with respect to security and compliance?