Gartner Blog Network


The Dilemma that is Cloud

by Jay Heiser  |  June 3, 2013  |  1 Comment

Life in the cloud would be so much easier if there were only some sort of ‘cloud risk seal of approval’.  Most public cloud services seem to offer a reasonable risk proposition, but its extremely difficult to provide defensible evidence of this. A comprehensive and well-accepted ‘standard’ would go a long way towards bridging this gap.

Working towards the revision of the Hype Cycle for Cloud Security (which will be published in July), I wrote the following text: “Current standards only have a relatively small amount of material relating to the design, build and test phases of technology, which means that they are not yet able to fully address all risk-relevant aspects of a provider’s offering.”

In our internal peer review process, analyst Khushbu Pratap noted “This is because the move to cloud was meant to get rid of this headache. The service beneficiaries continue worrying about assurance in these areas. Cloud has taken away the whole implementation and maintenance piece but outsourcing cloud assurance is still a risky bet.”

I think that very neatly summarizes the inherent dilemma of using a commercial cloud service provider. 

Category: cloud-computing  security  

Tags: certification  hype-cycle  standards  

Jay Heiser
Research VP
6 years at Gartner
24 years IT industry

Jay Heiser is a research vice president specializing in the areas of IT risk management and compliance, security policy and organization, forensics, and investigation. Current research areas include cloud and SaaS computing risk and control, technologies and processes for the secure sharing of data… Read Full Bio


Thoughts on The Dilemma that is Cloud


  1. […] can read the read on the Gartner blog site at The Dilemma That Is Cloud. Share this:TwitterFacebookLike this:Like […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.