Cloud security: Sorry, what was that?

By Carl Brooks, Technology Writer 21 May 2009 | SearchCloudComputing.com

Digg This!     StumbleUpon     Del.icio.us

For more on cloud security: Amazon CTO brushes aside cloud phobias Savvis homes in on cloud security

For one thing, many enterprise users don't face immediate needs. A network architect at a Canadian telecom company said her firm was in the middle of a data center consolidation effort, and that she was there to learn some of the nuts and bolts of the cloud, but anticipated no move into cloud until her company started its next upgrade cycle, years down the road.

A January 2009 IDC poll bears out this kind of delay, showing that while the economic slowdown pushed 2% of enterprises into greater cloud adoption, 61% of companies said it would have no impact or even reduce the pace that they moved into cloud computing.

Cloud security concerns pose adoption hurdle
But the attraction is real; the pharmaceutical sector is eager to use cloud infrastructure services to alleviate acute IT scaling issues, but concerns over security and compliance have prevented these companies from jumping in.

Almac Clinical Technologies is growing fast - the size of its clinical trials has jumped from hundreds of people to tens of thousands of people in a matter of months. Getting the infrastructure deployed to support these trials in a timely way is almost impossible, according to Jack Kosowsky, the director of systems development at Almac. But he said protecting the company's intellectual property in the cloud is "critical" before he can even consider using a service like Amazon's Elastic Compute Cloud (EC2).

The cloud's promise of easy, elastic computing power is not enough for established IT organizations.

During the event, cloud proponents warned that enterprises might find frustrated developers and users doing an end run around too-cautious IT management by starting up projects in the cloud themselves. One attendee outlined his firm's prescription for early adopters; he said that credit card ordering of cloud services was immediate grounds for termination at his company.

Liability is another unknown in the cloud computing world: businesses considering using cloud services will need to protect themselves against "information malpractice," according to Drew Bartkiewicz, the VP of cyber-risk and new-media markets at the Hartford insurance company. He said that companies should stay away from cloud providers that are not open to discussing contractual, legal, privacy and compliance concerns.

Michelle Munson, co-founder and developer of Aspera thinks that reliabilty "is a much bigger issue than people are letting on." She went on to say that liability and security aside, if cloud computing consolidates into too few providers, it would represent a global security concern of the highest order. Munson points to natural disasters as a primary consideration, like the Middle Eastern undersea outage in 2008 and to Google's 2-hour May 14th outage, saying companies may not realize their exposure until after the fact. "Wait until the first 12-hour outage from a major [cloud] provider." she said.

Overall, the consensus is clear: The cloud's promise of easy, elastic computing power is not enough for users with established IT organizations. That's not to say the interest isn't there -- it is, but real-world concerns far outweigh lofty ideas at this point.

Carl Brooks is the Technology Writer for SearchCloudComputing.com. Executive Editor Jo Maitland provided additional reporting for this story.

Tags: Data privacy in the cloud,  Data protection in the cloud,  Cloud computing standards,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data privacy in the cloud Security issues in cloud computing Oracle users balk at cloud computing Learning to let go: A cloud security primer with George Reese Virtualization vulnerabilities leave clouds insecure Public sector drags its heels on cloud Amazon adds onetime password token to entice the wary Novell tool to secure data and workloads in the cloud Researchers discuss virtual private clouds, coin CloudNet Trusted Cloud Computing Platform proposed to secure IaaS clouds Private Virtual Infrastructure proposed to address cloud security issues Data protection in the cloud Cloud computing less cloudy, but IT pros still skeptical Security issues in cloud computing Learning to let go: A cloud security primer with George Reese Virtualization vulnerabilities leave clouds insecure Novell tool to secure data and workloads in the cloud Researchers discuss virtual private clouds, coin CloudNet Trusted Cloud Computing Platform proposed to secure IaaS clouds Private Virtual Infrastructure proposed to address cloud security issues Cloudy with a chance of Ubuntu, Hohm gets hosted Encryption breakthrough promises privacy in the cloud Cloud computing standards Mitigating the top three Software as a Service security concerns Are cloud computing vendors ignoring continued consumer skepticism? Amazon gets SAS 70 Type II audit stamp, but analysts not satisfied EC2 email blackout raises new concerns about security, reliability in the cloud Security issues in cloud computing Cloud fears over Sidekick data loss partially assuaged Rackspace presents NoMoreServers.com Amazon EC2 attack prompts customer support changes Learning to let go: A cloud security primer with George Reese Net neutrality arouses the interest of cloud providers

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cloud cartography  (SearchCloudComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary