Almost one out of every two companies across Australia and New Zealand believe that the risks of cloud computing outweigh its benefits, recent research from ISACA has found.
Just 18 per cent of companies felt that the benefits of cloud computing outweighed the risks, while one third said that there was an appropriate balance between the risks and benefits of cloud computing.
CIOs are increasingly interested in cloud computing because of its potential to deliver lower total cost of ownership, higher return on investment, increased efficiency and pay-as-you-go services.
Furthermore, cloud services will outpace traditional IT spending over the next five years and will represent approximately AU$51 billion by 2013, according to IDC research.
Yet ISACA’s research, which took in 218 IT professionals across Australia and New Zealand, found that less than 10 per cent plan to use cloud computing for mission-critical IT services and almost one third do not plan to use it for any IT services.
Consistent with this attitude is the appetite for overall IT-related risk in 2010. In the face of continued global economic uncertainty, and despite the potential to drive greater rewards, almost 60 per cent of businesses believe projects should offer the same or lower level of risk as 2009.
Not surprisingly, almost one third identified budget limits as being their enterprise’s greatest hurdle when addressing IT-related business risk.
“Moving to cloud computing represents a significant shift in how companies utilise resources, so it is not surprising that IT and business professionals feel there could be a number of potential risks in entrusting information to the cloud,” said Ria Lucas, international vice president of ISACA and investment manager at Telstra.
“However the advantages of speed, cost, flexibility and access to high value services will drive the business demand for cloud services, as the rewards have the potential to outweigh the risk. What is important, is that the transition to cloud computing needs to be viewed as requiring major governance review involving a broad range of stakeholders and a governance framework to address the changed risk landscape.”
The ISACA survey also gauged attitudes and behaviours related to IT risk management, and found that only 17 per cent of organisations in Australia and New Zealand are very effective at integrating IT risk management with their overall business risk management.
The most common reason for practising IT risk management was to ensure that current functionality aligns with business needs (25 per cent), underlining the need for sound business reasons to underpin IT change.
On the performance side, about 10 per cent of IT professionals see cost management as a driver for risk management, while 12 per cent see business change as the most important driver and 13 per cent choose improving risk-return balance.
Businesses are also concerned with complying with industry and government regulations, with almost 20 per cent reporting this as the main impetus behind risk management in IT systems, said Tony Hayes, director of ISACA.
The economic climate has had serious impacts on all aspects of business, including IT-related risk management activities,” he said.
The key driver for IT related risk-management should be balancing risk vs. return to drive profitable growth. Senior management should view risk management as a powerful tool to create value and we urge enterprises to focus on the performance side of the equation.”
In similar research, IDC recently surveyed risk managers within the US banking industry and found that more than 40 per cent will materially increase spending on risk in 2010.
However, IDC analysts suggested that senior risk managers will struggle to fulfill the need to improve processes that include data, analytics, and reporting to meet increased regulatory requirements while dealing with limited investment capital.
“In the aftermath of the financial crisis and recession of 2008 and 2009, risk managers are facing a new reality of issues, ranging from disparate databases to new regulatory demands in a tighter credit market,” said Dana Wiklund, research director, IDC financial insights’ global risk management practice.
“There is now a universal focus on enterprise risk management because of higher levels of business model oversight by regulators and investors. There is also increased stress on operational processes that deal with technology, compliance, and data security.”
Over the next couple of years, Wiklund noted that banks will need financial technology tools that widen their view of risk and risk interdependencies.
News