Services for Organizations

Using our research, best practices and expertise, we help you understand how to optimize your business processes using applications, information and technology. We provide advisory, education, and assessment services to rapidly identify and prioritize areas for improvement and perform vendor selection

Consulting & Strategy Sessions

Ventana On Demand

    Services for Investment Firms

    We provide guidance using our market research and expertise to significantly improve your marketing, sales and product efforts. We offer a portfolio of advisory, research, thought leadership and digital education services to help optimize market strategy, planning and execution.

    Consulting & Strategy Sessions

    Ventana On Demand

      Services for Technology Vendors

      We provide guidance using our market research and expertise to significantly improve your marketing, sales and product efforts. We offer a portfolio of advisory, research, thought leadership and digital education services to help optimize market strategy, planning and execution.

      Analyst Relations

      Demand Generation

      Product Marketing

      Market Coverage

      Request a Briefing

        David Menninger's Analyst Perspectives

        << Back to Blog Index

        Cloud Computing Realities Part 4 — Security and Governance

        In previous perspectives in this series, I’ve discussed some of the realities of cloud computing including costs, hybrid and multi-cloud configurations and business continuity. This perspective examines the realities of security and regulatory concerns associated with cloud computing. These issues are often cited by our research participants as reasons they are not embracing the cloud. To be fair, the majority of our research participants are embracing the cloud. However, among those that have not yet made the transition to the cloud, security and regulatory concerns are among the most common issues cited across the various studies we have conducted.

        While organizations should continue to be disciplined in their approach to security and regulatory compliance, cloud providers now offer approaches with these requirements in mind. The reality in this Ventana_Research_BR_Analytics_and_Data_Q35_Cloud_Concernscase may be that cloud providers have more resources to devote to complying with various industry and governmental regulations than all but the largest organizations. Compliance and certifications have become competitive differentiators or, in some cases, a competitive necessity among cloud providers. Organizations can easily find providers with CCPA, FedRAMP, GDPR and HIPAA compliance, just to name a few. Listings of compliance programs for the major hyperscalers are available including, for example, Amazon Web Services (AWS), Google Cloud, and Microsoft Azure.

        Platform certification is just the first step. Organizations also need to confirm that their software-as-a-service (SaaS) application vendors are providing the appropriate security and regulatory compliance. Vendors have made varying degrees of progress on their certifications, so it is important that organizations evaluate each vendor in light of their own requirements. However, if a SaaS vendor has achieved the certifications an organization requires, it can help justify movement to the cloud. It’s one less burden on an organization’s internal resources in much the same way using SaaS removes the burden of installing, configuring and maintaining servers.

        Certifications of platforms and applications must be accompanied by good data governance as well. Regardless of whether an application is deployed in the cloud or on-premises, lax data governance policies can expose an organization to data breaches, fines and a damaged reputation. Our Data Governance Benchmark Research shows that organizations that have adequate governance technologies and use them frequently outperform those that do not.

        However, organizations cannot abdicate security and governance entirely to the cloud platform and application providers. Organizations must use a variety of platforms and applications. They must monitor security and governance associated with these applications both to prevent and respond to attacks specific to their organization and to ensure the applications are performing adequately. A number of vendors provide security information and event management (SIEM) and observability to monitor both cloud and on-premises applications. We’ll address these vendors in a series of future perspectives.

        As in the previous perspectives in this series, the point is not to discourage use of the cloud but to ensure organizations are aware of the realities of cloud computing. In many cases, security and governance concerns may be alleviated rather than exacerbated by cloud-based deployments. It is appropriate to go in with your eyes wide open, but it’s no longer appropriate to blanketly dismiss the cloud due to security and regulatory concerns.


        David Menninger


        David Menninger
        Executive Director, Technology Research

        David Menninger leads technology software research and advisory for Ventana Research, now part of ISG. Building on over three decades of enterprise software leadership experience, he guides the team responsible for a wide range of technology-focused data and analytics topics, including AI for IT and AI-infused software.


        Our Analyst Perspective Policy

        • Ventana Research’s Analyst Perspectives are fact-based analysis and guidance on business, industry and technology vendor trends. Each Analyst Perspective presents the view of the analyst who is an established subject matter expert on new developments, business and technology trends, findings from our research, or best practice insights.

          Each is prepared and reviewed in accordance with Ventana Research’s strict standards for accuracy and objectivity and reviewed to ensure it delivers reliable and actionable insights. It is reviewed and edited by research management and is approved by the Chief Research Officer; no individual or organization outside of Ventana Research reviews any Analyst Perspective before it is published. If you have any issue with an Analyst Perspective, please email them to

        View Policy

        Subscribe to Email Updates

        Posts by Month

        see all

        Posts by Topic

        see all

        Analyst Perspectives Archive

        See All