Cloud Computing – looking before you leap
Cloud computing solutions are the height of fashion.
Businesses craving to reduce their costs are looking at
creative ways in which IT budgets can be reduced and cloud computing offers,
superficially, a very attractive solution.
But how viable is cloud computing as a business solution,
and will organisational data be as secure as the hype implies?
The IT industry has gone into overload spinning every
variety of definition or description it can find to describe the process of off-loading
your data to a remote third party for their care and stewardship. What
initially appears as an easy solution to a complex problem can quickly unravel
as the realities of cloud computing are exposed.
Decisions to invest in cloud computing solutions need to be
taken in the cold, rational light of day when all of the obvious, and not so
obvious, problems can be examined and dealt with to the satisfaction of the
business.
Critical to this analysis are the security implications of a
cloud computing solution. Victims of blackmail often demanded that the
photographic negatives were returned to them. With data spread across a cloud
computing environment there is no such simple remedy.
Sending your data to a third party is a big step for many
organisations as the transfer of data highlights many issues including
politics, data regulations, data security, cost benefits and lack of direct
control of the data.
Bundling off your data, without giving the third party the
same treatment you would for bundling off your children or pets, will be a
recipe for disaster.
In July 2009, an employee at Twitter, the micro-blogging
site, had their personal email account hacked, following an alleged targeted
attack. This resulted in access to the company’s online Google Apps. Company
documents were then reportedly stolen and distributed around the web.
Rather than displaying a particular flaw in cloud security this
demonstrates the need for security basics no matter where the data is stored.
Of course internal servers get compromised on a regular basis but these
privately managed systems are a lot less likely to hit the headlines when
compromised than a cloud computing solution used by thousands, if not millions,
of people across the world.
The commonplace inside threat vector of the incompetent and
non-malicious user keeps coming back to haunt us no matter where the data is
stored.
Bloor Research has recently released a white paper discussing the security aspects of cloud computing. The paper provides a useful backgrounder
for those considering a cloud based computing solution.