The main concern companies have in migrating to the cloud is security. That in one sentence covers cloud computing greatest hurdle, as more and more companies are beginning to see the benefits (economically) of moving their infrastructure and data to the cloud, the major turn-off is control. In essence, the greatest advantage of cloud computing is also it’s biggest detractor. Companies (especially non-IT companies) are really interested in letting someone else run their IT infrastructure, but their uncomfortable letting someone else run the IT infrastructure due to the security concerns.

In my work, I often deal with PCI-DSS (Payment Card Industry Data Security Standard), which is a benchmark of sorts on how secure your servers are. In the banking world, any application,system or vendor hoping to store, transmit or process credit card information needs to be PCI-DSS compliant. If you thought pronouncing the acronym was difficult, adhering to and complying to the standard is even more so. In fact, the direction now is to use certain ’tricks’ to avoid having to be PCI-DSS compliant, including implementing point-2-point encryption (thereby disregarding the need for PCI-DSS compliance on all intermediary systems) or using tokenazation (to replace the card number with a token that can redeemed from a secure vault). The main direction is clear, compliance to security standards is mandatory and non-negotiable, but it’s also expensive and time-consuming, and anything that can help reduce the effort and cost is really taking off (just ask shift4).