Senior Consultant, IBM Center for Applied Insights
According to the 2012 Cloud Computing Survey released this month by IDG, the number one barrier to implementing cloud strategies is security. A full 70% of respondents reported being significantly worried about it. More than service interruptions and other factors – unauthorized users getting access to data strikes fear into the heart of potential cloud adopters.
However, because of their flexibility, potential cost savings and ease of use, the allure of cloud computing is undeniable. So, what to do? How can we have cloud computing platforms that inspire confidence instead of instill fear?
It all starts with education. Everyone developing a cloud-delivered service becomes, de facto, an IT architect. Users must understand the risks and responsibilities in operating on a cloud, and follow a set of best practices that they respect and incorporate into their daily routines.
Second, we have to think in a different context – it needs to be more about securing information, rather than the security of physical devices and locations. If the information is secure by its nature, it doesn’t matter where it is, or what device it is on. The data has to be encrypted and available only to those who need access to it. Putting the onus on the data owner instead of the cloud provider is a good idea. Ponemon and CA released the results of a survey in May 2011 which showed that cloud providers didn’t make security their number one concern. The majority of cloud providers believed it was their customer’s responsibility to secure the cloud, not theirs.
Finally, this leads us to the importance of knowing and trusting the cloud vendor and the country the hosting data center operates in. Depending on the location of the data center, there are possible data rights issues and disruptions caused by political unrest, infrastructure issues or natural disaster. In the end, you’re investing not only in the cloud provider, but in a country as well.
The IBM Center for Applied Insights has been working with IBM’s VP of IT Risk to develop a series of eight articles on Security Essentials for CIOs, based on IBM's own experiences. The latest, the third in the series, is about what it takes for an enterprise to develop a secure cloud computing strategy.