Home : Security : Features

Can security concerns kill cloud computing?

The IT industry has identified cloud computing as a major trend for the future. But how much of a barrier to its development and adoption will security be?

By Miya Knights, 23 Apr 2009 at 16:22

It seems as though not much new is happening in enterprise IT development that doesn’t involve the cloud.

The uptake of outsourcing and software-as-as-service (SaaS) based delivery models has softened end-using organisations to the idea of not necessarily owning the IT infrastructure their business may rely on. The advent of the cloud has even encouraged blue-sky thinkers to declare it will, one day, render the IT department redundant.

But, despite the advent of more and more data centre-as-a-service-type launches, recent security issues involving the likes of vendors such as Salesforce.com and Google Docs have thrown a spotlight on the security risks associated with running IT in the cloud.

“There’s been a lot of hype around cloud computing recently,” said Ian Osborne, project director of the Grid Computing Now! initiative of IT trade body, Intellect. “It offers enterprises the opportunity to flex their IT infrastructure more dynamically to meet demand.”

Open challenges

But he told IT PRO there were inherent challenges in extending cloud infrastructures out to enterprises in an open, virtual or ‘utility’ based way. “With very little agreement on standards, the issues of provisioning, security and ownership of the data could be major inhibitors to adoption,” Osborne said.

In response, both enterprise IT suppliers and consumers have stepped up attempts to close security loopholes and offer best-practice solutions and guidance on governance, standards and compliance. In fact, it was just over a year ago that Gartner first warned IT organisations that alternative delivery models like cloud computing would make the governing principles that worked with the traditional models of buying, building and accessing IT irrelevant.

David Mitchell Smith, vice president and Gartner Fellow, said: “Why pay to build it and maintain it, if you can buy it in at a fraction of the price?”

But he added that one of the main challenges for IT organisations in adapting to this next technological revolution will be dealing with the cultural impact both internally and in the way IT interfaces with other functional areas, which is exactly where loopholes around data governance can open up.

Jericho looks to best practice

Earlier this month, the independent security expert group Jericho Forum announced it was focusing its activities on establishing best practices to meet the challenges of collaborating securely in the cloud. As a result, it has published a cloud cube model designed to provide clarity of vision on the essential areas organisations need to consider when evaluating a cloud-computing environment.

“The cloud approach to organising business can be both more secure and more efficient than the old-style silo structure,” said Adrian Seccombe, Jericho Forum board member, who is chief information security officer and senior enterprise information architect at healthcare giant Eli Lilly. “Viewed from a different perspective it opens a potential Pandora’s box of security nightmares…not least of which is loss of data confidentiality and integrity.”

1 2

Email to a friend

Print this page

2 comments

You need to Login or Register to comment.

Businesses must be aware of what they are getting into

The benefits of cloud computing are indeed compelling, creating a centralised method to access shared data, significantly lowering costs and reducing data centre space, power and cooling. However, organisations must realise that accountability for valuable business data cannot be as conveniently outsourced. Companies could be exposing themselves to a business continuity disaster. In many ways cloud computing resembles the Application Service Provider (ASP) model that was prolific prior to the dot-com crash, and a lot of those providers are no longer around. We must remember that management will always be responsible for protecting company and customer data. It is therefore essential when moving towards cloud computing that businesses consistently ensure the health of the cloud-provided services. This includes gaining complete confidence that the cloud provider is a viable, stable business with assurances and protections, such as comprehensive risk and security defences in place, to safeguard business data. Alongside guarantees from the provider, businesses must also ensure that they have an alternative strategy in place in the case of any disruptions or loss of connectivity to the cloud-based service. This includes awareness of any of the provider’s fallback plans and commitments that may jeapordise valuable information. Businesses also need to bear in mind that any interruptions to cloud computing providers may have to be dealt with on both a short- and long-term basis, depending on the nature of the disturbance. Whilst the benefits of moving to the cloud are evident businesses must be aware of what they are getting into, and be able to mitigate the risks. Yours sincerely, Andrew Heather General Manager, EMEA Tripwire www.tripwire.com

By Ip_olivean9b2a7c on Friday Apr 24

Cloud Security Challenge Awards 2010

Cloud Computing continues to be a hot topic with the issue of security still a huge concern from our studies. Global Security Challenge LLP hold competitions throughout the year and will be launching The Cloud Security Challenge 2010, in conjunction with HP Labs to encourage start ups/indiviuals to bring forward their ideas/innovations that will help to address this concern. Winning ideas will receive a cash prize of £10,000 plus ongoing mentoring. Details of this are available at http://www.globalsecuritychallenge.com

By GloSec on Thursday Dec 17

For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on pictures@dennis.co.uk