Seventy one percent of federal IT workers say pressure to rapidly adopt cloud-computing technology creates security risks for their organizations, according to a survey from Ponemon Institute, conducted in September 2011 and published Jan. 12 by SafeGov.org.

Given that only 61 percent of respondents said their agencies use FISMA to assess cloud providers, it's no surprise 54 percent expect their agency to experience a security breach within 12 months from an insecure cloud provider. Twenty percent of IT professionals say one of their cloud service providers already suffered a security breach in the past 12 months.

The survey is based on responses from 432 federal employees from 20 agencies that already use or expect to use cloud solutions within 12 months. Seventy-one percent are agency managers or executives, 51 percent work in IT-related jobs and 49 percent are non-IT workers.

According to federal IT respondents, cost savings and security aren't the most reason for moving to the cloud. Rather, 69 percent say "political mandate" is the most important reason for moving to the cloud, followed by cost savings, 35 percent; interoperability, 34 percent; improved efficiency, 31 percent; and increased security, 4 percent.

Even though cost-savings rank second in order of importance, federal IT workers aren't convinced agencies understand the true long-term cost of migrating on-premise applications and data to a cloud environment. Sixty-five percent say they were not confident in their agency's understanding of long-term cost, while only 8 percent are very confident in their understanding.

Respondents also don't expect much in the way of cost savings from cloud migration. Only 6 percent say they expect "significant cost savings," 21 percent expect "some cost savings" and 39 percent expect spending to remain neutral. Twenty-four percent actually say moving to a cloud-computing environment will increase costs somewhat and 10 percent expect costs to increase significantly.

The survey shows federal IT professionals as skeptical of cost savings and sensitive to the potential risks associated with cloud computing.

"To improve confidence, the lead federal agencies such as OMB and GSA should...provide greater transparency about cloud security and more credible data about the true cost of cloud services," wrote Ponemon Institute Founder Larry Ponemon and Peerstone Research Chief Executive Jeff Gould in a blog post.

Ponemon and Gould say leadership should also provide agencies with information on total cost of ownership--not just initial acquisition. TCO includes the "costs of migration, training, business process reengineering, customization, unplanned implementation delays, and the mitigation of unexpected security threats," they add.

For more:
- download the survey results (.pdf)
- see the blog post

Related Articles:
Public clouds for scientific applications cost up to 13x more
FedRAMP is mandatory for cloud providers, says McClure
NIST: Cloud providers should adopt portability standards