The need to manage risk will result in organisations adopting hybrid clouds as the preferred cloud delivery model, according to Dean Kingsley, who heads the technology risk practice within the Enterprise Risk Services division at Deloitte in Sydney.
The public cloud delivery model, the idealised form of cloud computing, includes easy scalability to cater for business growth, elasticity to enable scaling down as easily as scaling up, and multi-tenancy to reduce costs.
"That's a very, very tough business model to pull off at enterprise scale across key applications," Kingsley told the ISACA Summit in Sydney yesterday, pointing to recent outages by Amazon and Microsoft.
According to Gartner's Hype Cycle for Cloud Computing 2011, the public cloud model has just passed the peak of inflated expectations, and will soon plunge into the trough of disillusionment. It'll be two to five years before organisations realise the benefits of the public cloud.
"Every organisation will have some things that they are happy to take the risk of the public cloud, and they want the cost savings of scale," Kingsley said. That might include some forms of hosted email, productivity applications and social networking.
However the public cloud generally won't be appropriate for enterprise applications.
"That's the realm of private clouds, but according to the Gartner Hype Cycle that's less mature," Kingsley said. "The eventual reality will be the hybrid cloud, the least mature of the delivery models."
Cloud security and risk standards are also very immature. According to Gartner it'll be five to ten years before their mainstream adoption.
"We're still some way off," Kingsley said. "I wholeheartedly agree with the statement from Gartner that the cloud would have to be the most hyped issue in IT today."
Kingsley says CIOs are confused by cloudwashing, which he defined as "people over-selling and over-hyping the benefits of the cloud, or misusing the word 'cloud' to describe anything in IT so you can sell it."
ISACA was previously the Information Systems Audit and Control Association, but now goes by its acronym only "to reflect the broad range of IT governance professionals it serves".
Contact Stilgherrian at Stil@stilgherrian.com or follow him on Twitter at @stilgherrian