Another article, Security Is Chief Obstacle To Cloud Computing Adoption, on cloud computing and security. Last month Gartner had an excellent post. A Google search on “cloud computing” & “security” yields over 53 millions results. So, the concerns abound regarding security and I have posted before on how security is one of two critical issues, particularly with CIOs, with cloud computing. (The other being the “End User Experience.”)
The security concerns are valid and range from loss of control, compliance & legal, data protection, disaster recovery and confidentiality.
But companies, including Amazon, Google, Microsoft, Saleforce.com have implemented secure cloud infrastructures. Recently, the City of Los Angeles announced that it has just put it’s trust in Google apps for it’s 30,000 city employees. Salesforce.com, which we use internally at World Wide, is trusted by over 65,000 companies and million users. In addition to the SaaS firms, there are the hosting and infrastructure as a service companies like Savvis.
My thought is that these companies employ as competent and as strong of information security and risk management staff as any internal Fortune 500 IT organization.
I’m not suggesting it’s a trivial matter, but overcoming the “security obstacle” is possible. Besides, it’s not an all or nothing matter. Two deployment dimensions exists. First, the cloud paradigm is a continuum between private and public infrastructure. CIO’s concerned with security can take advantage of cloud technology and start within their own, private four walls. The second dimension is the type of data. CIO’s can decide which apps and information they’re most comfortable with moving to the public cloud.
When moving your apps and data to a public cloud, additional options exist for how that information is managed. Chris Black, leading our federal data center strategy, also reminds me of the cost element associated with the public cloud deployment dimension. Chris said in an email to me, “Cost is proportional to security. You can ask that your data [in the public cloud] be isolated and pay for the independent infrastructure and utilize/leverage the operational services. ”
Some transactions and information have a lower risk profile and, in fact, CIO’s have been letting millions of bits of private company information exit their four walls to the public cloud for years. That app? Corporate email. Payroll is another application with highly sensitive information that has been processed outside of IT’s four walls for years.
There are many sources of information regarding approaching security in the cloud. The ENISA Cloud Computing Security Risk Assessment is an excellent starter and provides an approach to:
- assess the risk of adopting cloud services;
- compare different cloud provider offerings;
- obtain assurance from selected cloud providers;
- reduce the assurance burden on cloud providers.
We should not forget that there are actual security benefits associated with cloud computing. From the same Report:
- Security and the Benefits of Scale
- Security as a Market Differentiator
- Standardised Interfaces for Managed Security Services
- Rapid, Smart Scaling of Resources
- Audit and Evidence-gathering
- More Timely, Effective and Efficient Updates and Defaults
- Benefits of Resource Concentration
Overcoming the security obstacle is well worth the effort to gain all of the much publicized benefits of cloud computing’s “ilities” (scalability, agility, flexibility) and its service/utility cost model.