A study released this week shows that 73% of IT executives believe cloud providers are hiding performance problems.
Industry analysts say IT professionals are smart to be cautious, but added that they need to do their homework and ask the right questions before selecting a vendor.
"I don't know if it's a matter of distrust," said Jagdish Rebello, an analyst with IHS. "They are wary of the hype. The enterprise IT folks are being very, very cautious about their migration to the cloud. They see the cost benefits but when they look at reliability and security, there is essentially a fear of going wholeheartedly to the cloud."
Enterprises are still fairly new to the cloud computing phenomenon, but have long read headlines about cloud outages and security breaches, which, said Rebello, is enough to make any executive nervous.
"I'm not sure that cloud vendors are hiding information," Rebello said. "It could be more that there's just a lot of information IT people don't know. The comfort level is still missing."
A study by Compuware Corp., a provider of cloud-based collaboration and performance management tools, found that nearly three quarters of enterprise IT professionals worry that cloud providers are hiding problems at an infrastructure or platform level, and that those problems could have an impact on application performance.
The study was undertaken by Germany-based Research In Action, an independent research and consulting company. The firm surveyed 740 senior IT professionals at companies around the world.
Zeus Kerravala, an analyst at ZK Research, said it is possible that a cloud provider may whitewash issues like compute process speed and security problems. "Yeah, [the fears are] justified," he said. "You pay for a service and hope it works. Also, companies have no real control over the hiring policies and security checks that the cloud provider uses."
However, Kerravala noted that enterprises simply must do their homework before choosing a cloud provider.
IT should be up front about security concerns, and should ask vendors about hiring practices, what kind of internal audits they use and how they protect against threats. The IT execs should ask for audit information, performance benchmarks and where data is going to be stored, since some companies are mandated to store their data in the U.S.
Kerravala also recommended that IT operations perform their own performance benchmarks of a cloud provider's offering. Track the performance of the service and if it seems to be declining, call the cloud provider out on it.
"But I will say, though, most cloud providers probably have better security controls than most companies," he added.
Jeff Kagan, an independent analyst, said he's not surprised that IT execs are anxious about the cloud. It's a new area and anyone jumping in, even now, is still considered an early adopter.
"Early adopters know they'll get new services but they'll also have to deal with problems," Kagan explained. "The problems are just coming up and they don't have a fix yet. Yeah, they look hot with this new technology but they're the ones dealing with the problems. Some companies will adopt it late because they don't want to deal with any problems at all."
"I don't know whether it's accurate to say cloud providers are hiding things," Kagan said. "It's a brand new experience for everyone. Cloud operators just don't know what's hiding around the corner until they're hit with something and they get a bloody nose."
Kagan recommended that enterprises work with multiple providers. They also should ask about any problems the provider has had in the last six months to a year. And be sure to talk to other customers.
"Realize that every cloud provider will have problems," he said. "The real issue is how quickly they deal with them. And you're going to find that out by talking with other customers."
Rebello said while companies should be cautious about the cloud, they certainly shouldn't ignore its advantages.
"The cloud provides benefits but go at a pace that makes you feel comfortable," he added. "It's not a technology that you should shirk but try to get as much information as you can. Look at it and then move some applications that have lower security implications for the company. Move those first. And make sure you have a gradual transition."
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed . Her email address is email@example.com.