Cloud services have shifted from emerging to mainstream, with companies in even the most risk-adverse industries exploring and adopting cloud-based solutions. There are many variations of cloud offerings, but they generally can be categorized into three types of solutions: IaaS (Infrastructure as a service), PaaS (platform as a service) and SaaS (software as a service). Companies are seeking to leverage the potential scalability, flexibility, efficiency and cost-savings benefits of these offerings at an expediential pace. Analysts are predicting that in a little over five years, the global market for cloud services will hit the $1 trillion mark, see Global Cloud Computing Market Forecast 2019-2024, Mkt. Research Media (Jan. 8, 2018).

While companies are implementing cloud services across development, testing, production and disaster recovery environments, they typically are doing so with caution and significant diligence due to the perceived increase in cybersecurity and privacy risks. In a recent survey, over 80 percent of organizations polled expressed concerns about security, “Research Highlights the Importance of Cloud-Specific Security Capabilities,” Barracuda Networks, Inc. (Mar. 22, 2018). Hosting services (which cloud services are in their most basic form) by their nature pose risk with respect to the security of data and require heightened diligence, including review of identity, credential and access management, data breach response and remediation, security tools and management and vulnerability testing and oversight. Through thorough diligence, proactive steps and good governance, cloud solutions potentially can provide security that is as good as, if not better than, what a company can provide itself. Many companies are developing internal diligence models to evaluate cloud solutions, enabling more efficient adoption if certain standards and requirements are met. Companies are also reorganizing their internal IT departments to acknowledge the growing role of cloud services by adding cloud-specific resources, in the form of new cloud-specific roles, training and certifications.