The Cloud – Is It Really a Security Risk?

There is a lot of hype around cloud computing. And there are many myths about cloud security. But is cloud computing really a risk? Interestingly, many of the potential security issues in cloud computing are overhyped - and others are largely ignored.

Cloud computing is not only hype. It is a fundamental paradigm shift in the way we do IT. It is the shift from manufacturing to industrialization in IT; it is the shift from doing everything internally toward an IT that consumes services from the most appropriate service provider and is able to switch between (internal and external) service providers flexibly. It is, on the other hand, not only about external or highly scalable services. The core of cloud computing is to think in services, to optimize service procurement, and to optimize service production and delivery. The competition between internal and external service providers is part of this, as is the shift from a tactical use of some external services toward a strategic approach for service orchestration and service procurement.

Given that, cloud computing done right provides a lot of opportunities for achieving a higher level of security. A strategic approach to service procurement must include a standardized service description and thus clearly defined requirements for these services - not only from a functional perspective but for the "governance" part of it as well. Thus, aspects such as security requirements, encryption of transport and data, and location of data have to be covered in such requirements and mapped into SLAs (Service Level Agreements). Doing that right will automatically lead to a higher level of security compared to the tactical deployment of SaaS today - and it will reduce the number of cloud service providers you can choose from.

The biggest advantage of cloud computing for IT security, besides the strategic sourcing of services, is that cloud service providers are potentially better at IT operations than an organization can be. That is especially true for SMBs. Large providers with large data centers promise availability and data security - and many of them fulfill that promise. In addition, cloud services might also help in improving IT service delivery. External backups, a sort of "redundant data center" built on IaaS (Infrastructure as a Service) offerings, or just the ability to offload peaks in resource consumption to the (external) cloud are some examples.

Certainly, there are aspects, such as the increasing number of providers within the "IT service supply chain", that lead to increasing risks in the area of availability. There is also the risk of sensitive data being managed somewhere out there. However, using the strategic approach to service management mentioned earlier (including the "governance" part) will reduce and mitigate many of these risks.


