The acceptance of cloud computing by the corporate world is one of the fastest growing information technology (IT) trends today. By 2011, around 20% of all infrastructure-related services will be cloud orientated, with fees levied on a pay-as-you-go basis, say industry watchers.
On-demand cloud services, including online collaboration tools and social networking platforms, are able to deliver speed, efficiency and marketing advantages to businesses over and above the obvious cost benefits, which are said to be as high as 20% to 30% of total IT expenditure.
By moving the focus of IT applications beyond the confines of traditional corporate infrastructures, business processes are also simplified and streamlined.
Regrettably, cloud computing also has a dark side. It has been accused of exposing organisations to unnecessary security risks. It's a charge that cannot be taken lightly, or go unchallenged.
According to information technology research and advisory company firm Gartner, 'smart customers' should ask tough questions (about security) before committing to a cloud vendor. It counsels potential cloud computing converts to avoid vendors who refuse to provide detailed information on security issues.
Knowledge is power
What exactly are these security issues?
Privacy heads the list. Organisations need to ensure their privacy needs are met by a service provider. These include secure access when connecting to cloud services and they encompass authentication/ authorisation and endpoint security validation.
Outsourced or hosted cloud services often bypass the physical, logical and personnel security controls of traditional in-house systems and services. So it's best to take Gartner's advice and adopt a 'belts-and-braces' approach to security, by gaining as much information as possible about the service provider and its staff who come into contact with sensitive information before contracts are inked.
The next logical step must be to have a clear understanding of the location of corporate data. One of the strategies being driven by cloud computing is to lower the cost of inactive data (which is often stored in costly high-end storage repositories) by archiving it to lower cost storage.
Cloud computing also has a dark side.
Martin May is regional director of Enterasys Networks.
There is a strong possibility it may reside in a repository outside the country, where the host is able to take advantage of economies of scale and other cost benefits.
While this is not necessarily an adverse situation, as suggested by cloud computing sceptics (as cost breaks are most likely passed on to the user), decisions should not be taken by the service provider alone, but in concert with the customer.
Data segregation is another security challenge. Because the cloud is a shared environment, there is concern that one company's data might not be effectively segregated from others'. In the US there is a call for the reformation of the Electronic Communications Privacy Act and the modernising of the Computer Fraud and Abuse Act.
These actions will surely have repercussions in South Africa's legal system in due course. In the meantime, it is best to deploy only exhaustively tested and proven encryption schemes within the cloud. Gartner states the obvious when it warns that encryption accidents can make data totally unusable.
Call for backup
Should a disaster occur and data is lost for whatever reason, cloud computing detractors maintain that hosts are not in a position to replicate the lost data - or even the application infrastructure - because their security offerings are no better than traditional backup solutions.
While this may have been true a few months ago, today there are many traditional backup system vendors that have stepped into the breach, designing comprehensive backup and recovery solutions for use in the cloud-by-cloud hosts and cloud computing users.
One of their primary target markets includes companies planning disaster recovery scenarios. They point out that compared to a physical off-site disaster recovery centre - characterised by costly servers, storage and networking infrastructures - a cloud computing solution is an obvious low-cost alternative.
Despite the uncertainties surrounding many aspects of security in the cloud, in reality, overall security provided by cloud computing hosts and their associates is often as good as - if not better than - the security barriers common to most traditional computer systems.
This is because security is actually enhanced when data is distributed over a wider base, multiple sites and a large number of devices.
What's more, cloud computing hosts and service providers generally devote more resources in terms of man-hours, effort and money to identify security challenges and resolve issues than most customers for whom security is not a core business activity.
* Join Martin May on Facebook: http://www.facebook.com/martin.may.enterasys
Share