Security is major barrier to adoption of cloud computing.

Security is playing a key role in the willingness of organizations to adopt cloud computing solutions, according to  a study recently released by Launchpad Europe, a business accelerator outfit based in London.

The study based on a survey of 105 IT security experts across the globe found that more than 50 percent of them identified security concerns as the primary reason their organizations were shying away from embracing the cloud.

Asked what their highest priority was when considering a cloud services provider, 37.9 percent cited security of the cloud infrastructure. Another 12.6 percent identified security procedures to protect their data centers as their highest concern.

The data collected by the researchers also suggests there is considerable doubt about whether those security worries can be met by a cloud vendor. Some 49.5 percent of the respondents told the pollsters their companies neither use nor plan to use the cloud in the next 12 months.

Other significant items when choosing a cloud vendor cited by the survey respondents were due diligence and track record of service provider (18.4 percent) and ease of migrating data from vendor’s service to a new service.

Among the companies participating in the survey who do have cloud deployments, 16.5 percent said they used public deployments; 16.5 percent, private deployments; 10.7 percent, hybrid; and 6.8 percent managed.

Although most of the survey participants were from North America (39.1 percent), the United Kingdom (29.9 percent) and Mainland Europe (12.6 percent), there were also respondents from Australasia (6.9 percent), the Middle East (5.7 percent), Far East (4.6 percent) and South America (1.1 percent).

“While cloud computing remains high on the corporate agenda, organizations’ concerns about cloud security will not go away overnight,”  Launchpad Europe Technical Director Mike Burkitt said in a statement. “Before businesses will feel comfortable transitioning to cloud-based services, they first need to be convinced that the business benefits of the cloud outweigh the security risks–and that goes for both service providers and the cloud infrastructure itself.”

“For organizations with in-house technical capabilities and a good financial situation, the answer to their security fears may lay in the private cloud,” Burkitt added. “Developing your own cloud-based system gives you choice, power and flexibility.”

Similar findings were released last month in a report from the European Network and Information Security Agency.

Admittedly, the benefits of the cloud for businesses are compelling, the report noted. Content and services are available 24/7. Costs can be controlled by better management of capacity demands on the data center. Scalability is smoother. Internal IT resources can be unleashed to do more mission critical and strategic chores.

Those benefits are the reason that the cloud market is expected to become a $44.2 billion market by 2013, from its current level of $17.4 billion.

Nevertheless, as the ENISA report’s editor Giles Hogben points out:

“The picture we got back from the survey was clear. The business case for cloud computing is obvious–it’s computing on tap, available instantly, commitment-free and on-demand. But the number one issue holding many people back is security–how can I know if it’s safe to trust the cloud provider with my data and in some cases my entire business infrastructure?”

The reservations that organizations have with the cloud are similar to the ones they’ve had with outsourcing  any important business activity. You’re at the mercy of the vendor; if its servers go down, you go down with them. If you want to cut the cord with a vendor, migration of services and content could be a problem. Will failing to maintain certain data internally cross regulatory boundaries? Is your data being properly deleted by the vendor?

Before ascending to the cloud, the ENISA recommends that a careful analysis be done to determine the advantages of the cloud to your organization versus handling matters internally. When choosing a vendor, service levels need to be defined in the agreement with the provider, as well as a clear delineation of responsibilities for the vendor and your internal IT people.

The cloud need not be a security conundrum, maintains ENISA Executive Director Udo Helmbrecht.

“The scale and flexibility of cloud computing gives the providers a security edge,” he asserts. “For example, providers can instantly call on extra defensive resources like filtering and re-routing. They can also roll out new security patches more efficiently and keep more comprehensive evidence for diagnostics.”