I don’t know about you, but an increasing amount of my life is stored in the internet cloud these days.

I make daily use of online email, photo storage, and data backup services. Documents I need to access from different locations live in Google Docs, and social contacts are kept up to date via Facebook.

Your data - free as a cloud

In the world of work, a similar trend is happening. Where once companies had little choice but to purchase, install and manage their IT systems in-house, growing numbers are now taking advantage of “in the cloud” services.

They come with various names – Software as a Service (SaaS), on-demand computing, hosted apps – but they’re offering a similar proposition. Why bother with all the hassle of running your own IT applications when someone else can do it better and more cost effectively?

While some core business applications are unlikely ever to be run in this way (think core banking systems for example), for others it can make a lot of sense.

Leading the charge in this evolving race has been hosted applications specialist Salesforce.com. Offering an in-the-cloud customer relationship management (CRM) system, the company has rapidly carved out a lucrative global market. Its customers can have access to a fully featured CRM system, accessible via a browser interface, without the need for any on-premise equipment or IT management skills.

The success enjoyed by Salesforce has prompted the more traditional business software vendors to jump into the hosted space. Heavyweights such as SAP, Oracle and Microsoft already have offerings in the market.

But while hosted business services make a lot of sense, they don’t come without risks. Recently Salesforce.com attracted a lot of unwanted attention when it was revealed one of its employees had fallen for a phishing scam.

The employee’s mistake provided the phishers with customer details including first and last names, company names, email addresses and telephone numbers. This allowed the crooks to then send emails which looked as though they had come directly from Salesforce.

While most customers were unaffected, some report their employees unwittingly revealed their passwords to the phisher, thus opening up their company’s core customer data to more potential abuse.

While it should be pointed out that such problems could also happen to companies that have kept their applications in-house, it does serve to highlight the extra risks associated with entrusting things to a third party.

Another factor is access and reliability. If you’re relying on cloud-based services, what happens during a network outage or failure? At least if the systems are sitting in a back room, getting them up and running again is something under your control.

Sure, most established hosting companies offer impressive service level agreements, but that’s cold comfort when business grinds to a halt because staff can’t access critical data.

Cloud-based systems certainly have a place in the business world, but it would be a brave company that entrusted its entire IT infrastructure to them. A better approach is to go for a mix – outsource non-core systems while keeping those on which the very existence of your operations depends safely in-house.

The days of all IT services being delivered in the same way as power or water are still a long way off – despite what providers might like to believe.