When it comes to cloud, sometimes the pitch seems a little too good to be true—save money, move capex to opex, increase productivity, ease management troubles, etc. Sometimes it feels as though the promises fall just short of, "It'll make your coffee in the morning."

Cloud, of course, can do all that—and more (okay, except make my coffee; there needs to be an app for that). According to a recent Symantec (NASDAQ: SYMC) survey, though, poor planning can negate many of the cost benefits of cloud computing and unveil a few hidden costs. The "Avoiding the Hidden Costs of Cloud 2013 Survey" found that hidden costs sometimes trip up SMBs, but Symantec is trying to be helpful by providing tips for side-stepping any potential pitfalls.

One of the largest issues is one that those in the know have been aware of for some time: Rogue cloud implementations are wreaking havoc on IT departments and shooting costs into near-earth orbit. Unfortunately, it's incredibly common, with 77 percent of businesses having found rogue cloud deployments in their organization in the last year. It's more common within enterprises (80 percent) than SMBs (70 percent), but it's a huge problem affecting companies of all sizes.

It's incredibly easy for end users or individual departments to go around IT bureaucracy by using a credit card to subscribe to cloud services, putting corporate data at risk because they're using unvetted cloud services. Additionally, IT ends up completely unable to manage the cloud resources. Of the organizations that reported rogue cloud issues, 40 percent experienced the exposure of confidential information, and more than a quarter faced account-takeover issues, defacing of web properties or stolen goods or services.

Rogue may be one of the most common problems leading to hidden cloud costs, but the survey also turned up a few other interesting data points, including:

  • 43 percent of organizations have lost cloud data, and 68 percent have experienced data recovery failures.
  • Cloud storage utilization is surprisingly low, at 17 percent. About half of organizations also admitted their data is not deduplicated, putting their companies at further risk. Either way, cloud storage is being used inefficiently.
  • 49 percent of organizations are concerned about meeting compliance requirements in the cloud, and 53 percent are concerned about being able to prove they have met cloud compliance requirements. It's a good concern to have, as 23 percent of organizations have been fined for cloud privacy violations.
  • Security of data in transit is also a significant problem, as organizations admitted it's a highly complex issue. Only 27 percent rate cloud SSL certificate management as easy. Only 40 percent are certain their cloud partner's certificates are in compliance with corporate standards. Those numbers are far too low.

Despite concerns and plenty of potential problems, it's not a hopeless situation. Symantec offered some advice to businesses that should help them avoid hidden costs associated with cloud:

  • Focus policies on information and people, not technologies or platforms.
  • Educate, monitor and enforce policies.
  • Embrace tools that are platform-agnostic.
  • Deduplicate data in the cloud.

"By taking control of cloud deployments, companies can seize advantage of the flexibility and cost savings associated with the cloud, while minimizing the data control and security risks linked with rogue cloud use," said Francis deSouza, group president of Enterprise Products and Services at Symantec, in a prepared statement.