Cloud computing: special report

"When it comes to cloud security the two most important things are the contracts you have in place and the vendor's track record," says Eversheds' Walters. "We had to know that our data would be fully secured at all times and also that we would know where the data would physically be stored."

Understanding these issues as well as others, such as data ownership and what happens if the cloud provider is acquired or closes down are key reasons why businesses of all sizes should form a strategy for moving to any cloud service.

Implementing cloud in the business

Implementing cloud computing can be a significant challenge for businesses. The very ease with which individuals in IT or elsewhere can buy cloud services can quickly lead to "cloud spaghetti", according to Forrester. As a result, IT departments need to have a policy on which tasks can be carried out by cloud computing, and which cannot, and how cloud services will be tied into existing IT infrastructures and security and privacy policies.

Although IT departments will not want to create overly-rigid rules for cloud computing, as this would eliminate many of the benefits, there is a case for having either a central list of approved cloud providers, or a set of policies which the business can use to determine if a task can be transferred to the cloud.

As well as privacy and security, key concerns around implementation of cloud systems include where any company data resides, and who owns code developed on the cloud platform. Businesses also need to understand from the outset whether a particular cloud system can integrate with other providers' platforms, as well as in-house software.