Cloud Computing: Enabler or Enigma?

Cloud computing, it seems, is here to stay.  Leading publications such as the Economist & Financial Times continue to devote column inches introducing us to this dawning of a new technological age.

Certainly most global technology companies, such as Cisco, Google and Microsoft, think so: Microsoft say they are ‘betting the company’ on a move to the cloud, but then they would, wouldn’t they?  Well, yes, but even Gartner, the leading technology research and advisory company, our telling us cloud computing is, and will continue to be, big business, predicting growth from $46.4 billion to $150.1 billion between 2010 and 2013.

Impressive… but is it secure?  Security tends to be the elephant in the room when the subject of cloud computing is broached but is it a white elephant…

A false sense of security

Many companies that are considering adopting cloud computing raise concerns over the security of data being stored and accessed via the internet. Such concerns are perhaps understandable, but to add perspective to the topic of cloud computing security it is also worth considering the reality of the flipside of these concerns.  That is: whether the physical tangibility of hosting your IT systems in-house really is more secure.  Believing that by virtue of being able to see and touch your IT systems renders them inherently more secure than a cloud based platform gives rise to complacency and may even create a false sense of security.

All good cloud computing vendors adhere to strict privacy policies and sophisticated security measures, it would be commercial suicide to take any other approach.  As a result, many cloud-computing vendors offer greater data security and confidentiality than companies that choose to store their data in-house.  However, not all vendors will offer the same level of security and so taking time to do your homework when reviewing vendors’ policies will go a long way towards ensuring you’re satisfied they comply with your requirements.

Due Diligence 

Gartner lists seven security issues to bear in mind when considering a particular vendor’s services.  I‘d go one step further and suggest you review how your traditional, local IT deployment measures up against the very same list.  The comparison might be all you need to make an informed decision on whether or not to adopt the cloud computing methodology.

  1. Privileged user access – enquire about who has access to data and about the hiring and management of such administrators;
  2. Regulatory compliance – make sure a vendor is willing to undergo external audits and/or security certifications;
  3. Data location – ask if a provider allows for any control over the location of data;
  4. Data segregation – make sure that encryption is available at all stages and that these encryption schemes were designed and tested by experienced professionals;
  5. Recovery – find out what will happen to data in the case of a disaster; do they offer complete restoration and, if so, how long that would take;
  6. Investigative support – enquire whether a vendor has the ability to investigate any inappropriate or illegal activity;
  7. Long-term viability – ask what will happen to data if the company goes out of business; how will data be returned and in what format.

    Image by: Staindrop

Every Cloud Has A Silver LiningBroadly, security is usually improved by keeping data in one centralised location. If that centralised location happens to be a high security data centre, then security is likely to be as good as or better than a more traditional, local IT deployment.  In part because the economies of scales of cloud computing enable providers to devote resources to solving security issues that many customers simply can’t afford.

Cloud Computing has many benefits and if you take time to review your requirements against the policies of a particular cloud computing vendor you might just find that Security is one of them.

Big Little Fish is a cloud computing service provider specialising in providing solutions for small and growing businesses.  For more information please email jeremy.scally@biglittlefish.co.uk or visit www.biglittlefish.co.uk