The hype about cloud computing has gotten so loud that Gartner Group used Cloud as the lead in its hype-parazzi special report Hype Cycle 2009. The sharply sloping graph in the report places \n\ncloud, along with e-book readers, wireless power and social software suites, at or near the "Peak of Inflated Expectations," preparing for a dive \n\ninto the "Trough of Disillusionment."One thing that may drive it into that trough \u2014 other than the unrealistic projections by some providers of cost-savings and easy capacity \n\nplanning \u2014 is the difficulty in getting certain applications to run on it effectively, according to analysts and vendors selling technology to help \n\nbridge the gap. What are the difficulties? Here's a look at five key hurdles.1. Today's clouds are not alike\nNo one "cloud platform" exists \u2014 each is different, meaning the specific migration, support, cost and capacity issues vary from vendor to \n\nvendor. And moving a legacy application to the cloud means taking a proven quantity in a known environment and moving it to a new environment \n\nthat will make almost everything about it different, according to Bernard Golden, CEO at HyperStratus, and CIO.com blogger.\n\n[For timely cloud computing news and expert analysis, see CIO.com's Cloud Computing Drilldown section. ]"Legacy applications come with a lot of integration with your other systems, and usually they had to be done fast, so you have a lot of direct \n\ndatabase calls from one application to another and that kind of thing that may not work when one endpoint is outside the perimeter," according to \n\nGolden."There's the tiny straw issue, too; there is an order of magnitude more bandwidth available inside the data center than outside it. And you have \n\nto decide whether it's important that you manage everything from one pane of glass, because the management tools are not up to doing that with \n\ncloud and legacy applications yet," Golden says. "There are a lot of basic technical issues that are often not addressed."2. Security worries\nSecurity gets top billing as a risk of cloud computing because the idea is new and the locks aren't as fully tested as those on legacy applications. \nAt least as big an issue for many companies is knowing who is using the applications or accessing the data, whether they have permission to do so \n\nor not, according to Chris Wolf, infrastructure analyst at The Burton Group. \n\nCloud Security: Danger (and Opportunity) Ahead"For enterprises that have security or compliance concerns, multitenant cloud infrastructures are just non-starters right now, because the tools \n\nto monitor or control that has not been addressed yet," he says. Single-tenant clouds \u2014 that is, cloud platforms a company owns and manages itself \u2014 only solve part of that issue. Being able to \n\nphysically limit access to the cloud by controlling the rest of the IT infrastructure makes the contained cloud safer, but still doesn't provide the \n\ndetailed audit trail many companies need to comply with financial or privacy regulations, Wolf says.3. Licensing and interoperability concerns\nLegacy applications are supposed to be the creaky inflexible problem when it comes to migration, but neither major software vendors nor cloud \n\nproviders are making the migration any easier, Golden says. \n\nWhile most legacy applications have been upgraded from the homegrown, no-public-standards era of corporate computing, most are built with \n\ndatabases, communications or data-translation modules and other commercially-licensed technology. That means vendors like Oracle, Siebel, SAP \n\nand others would have to change their licensing to support "three weeks running on three servers, then one week per month expanding to ten and \n\nonly paying for the capacity you use," Golden says. "Most licenses are still tied to one physical box, although Oracle has made some movements in \n\nthis direction. Legacy apps typically also don't typically support the newest technology except in the user interfaces that aren't part of their cores \u2014 \n\nexactly the technologies on which cloud platforms are built. Microsoft Azure is based on its .Net programming architecture, which most legacy \n\napps are not. Google's App Engine is designed to support software written in Python \u2014 a Web-friendly language popular with developers \n\nof PHP-based software running on Web servers. Salesforce.com has a proprietary application and data structure. 4. You don't know your own legacy\nYour company may live and die by its line-of-business applications, but that doesnt mean you know everything going on behind the \n\nendlessly-customized codes, interfaces and forms that started out as business automation and turned into a rigid legacy application, according to \n\nCEO Mark Cashman and CTO Steve Yaskin of Queplix. \n\nQueplix's tools are designed to extract data, metadata, business logic and security information from legacy applications using a mix of \n\ncustom-written and canned analysis and conversion utilities, so the resulting code can be run on cloud computing platforms \u2014 usually \n\ninternal clouds rather than public ones.With all the data, data structures and policy guidelines extracted, Queplix can analyze security, data-access and compliance rules from both \n\ncommercial and homegrown apps \u2014 often finding huge holes in the process."We run a report that will show big holes in security that security people don't know about and they don't like when they see it," Yaskin says. \n\n"Siebel isn't designed to share [access control list] data with SAP and vice versa, so no one knows users have all this access; when we take all that \n\nout, you can see the access points and potential breaks in security and turn them to your advantage."Queplix sells a set of software development, analysis and conversion tools designed to extract data, business logic and security information \n\nfrom legacy apps so they'll run in cloud-computing environments. 5. Migration is manual and darn few tools will help\nEven at their best, Queplix and its competitors \u2014 master data management (MDM) providers such as Siperian and Initiate Systems \n\n\u2014 convert only a portion of the application and data, leaving the end-user or service provider to deal with the rest, according to John \n\nAbbott infrastructure analyst at The 451 Group, who published an evaluation of Queplix recently. Yaskin estimates Queplix' best shot automates \n\n85 percent of the migration. When will the situation improve?\n\nVMware, which bought application-virtualization-developer Springsource earlier this year, is working on the problem, but not for legacy \n\napplications. Smaller companies such as the Israeli firm Gizmox will put an AJAX GUI on a legacy app and run that in the cloud, but don't take \n\ncare of its guts. SAP and IBM \u2014 both of which have extensive custom-development and migration divisions \u2014 are also working on \n\nlegacy-to-cloud migration tools, as is Oracle and Cobol-stalwart Micro Focus, Abbot says. So does Oracle, which is adopting technology \n\ndeveloped by Sun. Follow everything from CIO.com on Twitter @CIOonline.