Public Cloud Adoption: Are Integration Concerns Valid?

Deloitte Debates


Subscribe to receive updates when new Debates are released:
 Receive emails | RSS icon RSS (What is RSS?)

Potential cost savings and increased agility are leading to an increase in the rate of public cloud adoption. Yet, some CIOs are resisting this trend, citing concerns over integration and security. Should these concerns be a barrier to adoption?

Across sectors, companies large and small are improving sales and realizing operational efficiencies, agility and cost benefits by adopting public cloud solutions. By some estimates, public cloud services will be a $159.3 billion market by 2020¹. Yet, despite a growing body of implementations with demonstrated results, some CIOs remain skeptical about cloud solutions, specifically about the amount of time required to integrate them and whether sensitive data can be truly secure in a public cloud. For many adopters, neither issue has proven insurmountable or, for that matter, particularly challenging. Still, for others, these issues remain a barrier to public cloud adoption.

Explore all sides below by clicking on each button:

  • Here's the debate
  • My take
  • Join the conversation
Integration could be problematic.
Sure, the public cloud offers demonstrated benefits. However, I’m concerned that integrating the cloud with my existing systems could be challenging and disruptive. I would likely be adopting an entirely new IT model,  and there is no way to do this in a timely manner.
Integration concerns aren’t unique to the cloud.
Integration to mature cloud solutions is not materially different than integrating to other packaged applications. It can put pressure on organizations to have a more robust data management and integration architecture, but that work is likely of value to the organization anyway to allow for flexibility, agility and appropriate levels of data integrity.
My data could be compromised.
I’m concerned about the safety of my data when I transfer it to the cloud during integration, and storing it there at all.
Public clouds are more secure than you may think.
Leading SaaS vendors support security standards for encryption in transit and at rest; usage of encryption gateway architectures allows for maximizing business capabilities in the cloud while maintaining encryption at rest, providing a valuable solution where there are compliance and regulatory challenges.
Won’t this limit my ability to extend service layers?
My integration investments—like my SOA layer, for example—are on premise.
Not at all. You can easily add additional layers.
Public cloud solutions are naturally designed to extend existing service layers, and iPaaS tools and prebuilt connectors can also accelerate delivery for certain use cases. We’re already seeing the emergence of solutions which pre-integrate leading SaaS capabilities to provide end-to-end process enablement.

My take

John Peto, Principal, Deloitte Consulting LLP

CIO concerns over public cloud integration challenges and security capabilities are understandable. After all, to hear some cloud vendors describe their offerings, virtually any company can deploy a public cloud solution—one that is sufficiently secure, of course—in a matter of minutes. A closer look at both issues reveals that yes, integrating a public cloud solution can be a more complex undertaking than vendors might have you believe. But, the principal integration activities required differ very little from those that have been used for decades to implement new systems.  

While it may take a bit more time to architect, build and integrate a public cloud solution for an organization that’s new to the cloud, the complexity you encounter may likely be no more challenging than that involved in the integration of a private cloud. Moreover, you can address it by using many of the same integration strategies and processes that you may have used to deploy internally sourced capabilities. For example, making the decisions of what data to replicate from a customer master into a sales activity management system, versus what to provide ‘real-time’ but not store, should be done whether that activity management system is on premise or in the cloud.

Moreover, once an architectural foundation is in place, integration of cloud applications can be accelerated. There has almost always been a marketplace for ‘connectors,’ prebuilt process integration middleware or prebuilt point-to-point connectivity between on-premise applications — the effectiveness of the offerings in this space is inversely proportional to the level of customization of those applications. With SaaS applications and their more forced set of standards, making it still possible but much more difficult to “over customize,” we have seen the promise of “integration as a service” finally realized, and in the cloud most of all.

Regarding security, there can often be inherent risk in taking data into the public cloud. Yet, those risks can be mitigated by choosing a provider that adheres to broad security standards, and deploys both in-house and provider authentication, authorization and data security techniques. CIOs can also require that vendors undertake regular security audits, and support on-premise security capabilities — for example, encryption keys that make it possible to encrypt data in the cloud, while maintaining on-premise control of the encryption functionality.

There may be sound reasons not to deploy a cloud solution, but concerns over integration challenges and security should not be the driving force behind such a decision.   

Related content

Library: Deloitte Debates
Services: Consulting
Overview: Technology


 By participating in this poll, you consent and acknowledge that your responses may be disclosed without attribution by Deloitte in future publications and you are authorized to respond to the poll on behalf of your company.

1Ried, Stefan and Kisker, Holger, Sizing the Cloud, Forrester Research, April 21, 2011.

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.