It's not hard to see why so many CIOs are excited about cloud computing. As touted by some in our industry, ‘cloud' is a way of giving your organisation all the IT services you need while eliminating all or most of your investment in both hardware and software - and cutting out the costs and problems that come with that investment. To the sceptic, it all sounds like black magic. Yet the number of true believers is rising by the day, and now includes some of our bluest of blue-chip companies. So how realistic are the claims made for cloud, and what are its true benefits, risks and costs?

It is easy to appreciate the upfront appeal of turning computing into a pay-as-you-go utility just like gas, electricity or cable TV. After all, every CIO knows the problems that can, and often do, arise with the conventional approach to IT. The mega-projects that take an age to deliver - and are obsolete by the time they go live. The ‘scalable' applications that mysteriously only scale upwards - along with the costs - but never downwards. The applications so tightly customised that they lock you in a straitjacket. The ‘minor configuring' that turns any future upgrade into a nightmare. The licensing and support costs that eat the lion's share of your budget.

With so many issues, it is small wonder that more and more CIOs are thinking the previously unthinkable about the most fundamental ‘make or buy' decisions in IT. Can they really simply take an IT service down the wire? Can they let someone else worry about software upgrades, storage capacity, fault tolerance, response times - and do all this at acceptable levels of cost, quality and risk? Can cloud really eliminate the huge expense of purchasing and managing software and hardware. Can new applications be developed and deployed, as often claimed, in a fraction of the time that the conventional approach would require?

The answer is unfortunately not clear cut. In cloud as in all areas of computing, there is no ‘one size fits all' solution - it all depends on your needs and circumstances. Likewise the term ‘cloud computing' involves a broad menu of services from which you can choose. These range from the software cloud, also known as Software-as-a Service (SaaS) - specific applications such as CRM that run on the service provider's hardware - to offerings such as the hardware cloud, the desktop cloud and Platform-as-a-Service (PaaS). What are these? The hardware cloud comes from providers giving you access to their servers, storage and networks on a pay-by-use basis. Initially aimed at smaller organisations, such services are often available ‘from tonight' and can be bought on the web with a credit card. The desktop cloud aims to provide all the usual office applications with the same user experience as if running locally. Most ambitious is PaaS, aiming to provide applications and hardware plus a development environment and an integration environment.

In deciding whether any of these items on the cloud menu could solve some of your challenges, there are lots of factors to consider. For many, security will come first. How safe will your data be when it is being stored and processed by a third-party provider in a remote - almost certainly low-cost - location? Actually the answer might be ‘very safe indeed', given that cloud providers are making the kind of investments in security that most in-house IT departments couldn't afford. Time pressure is another key factor, and it is true that the software cloud can often give you ultra-rapid deployment.

But arguably the most critical factor is the more subtle question of how genuinely you want a pure service, with no concern about how it is provided or from where. Legal and regulatory constraints (eg data protection laws) might rule out the ‘pure service' idea for many organisations, especially in the public and financial sectors.

Despite these issues, cloud is making impressive inroads in all sectors, in organisations large and small. And a particular risk for CIOs is the private initiative from their own internal customers. Just as in the 1980s, when many departmental minicomputers were bought as a ‘protest vote' against perceived limitations of the corporate mainframe, so today there are plenty of examples of maverick teams going it alone to sign up with SaaS providers, for example where the corporate CRM system is seen as poor. Cloud can seep in through the back door - helped by the fact that no capital expenditure is involved. And CIOs who ignore it could get sidelined.

So love it or hate it, CIOs cannot ignore cloud computing. They need to gain experience of this unfamiliar territory but do so in a low-risk way, ideally by choosing it for new applications needed quickly and at low cost, and involving little or no integration with other corporate systems. Examples include IT support for joint ventures - often best kept at arm's length from the mainstream business, or development and testing environments, especially if these use dummy, not real, data.

This bold but cautious approach is in fact the way that many have ventured successfully into the cloud - and found that it can have a silver lining!