Our recent Global SaaS study revealed that organizations are not just using SaaS to reduce costs, but are actually gaining competitive advantage through their SaaS solutions. Given the promise of advantage over peers, what is holding some organizations back from broad SaaS adoption? For many, it’s security. And what outcomes are companies missing out on by not adopting SaaS? Improved collaboration, innovation, and better decision-making, to name a few. The Saas “Pacesetters” – those leading enterprises gaining competitive advantage through widespread SaaS adoption – are achieving these to a greater extent than their peers.... Read more >
IBM Center for Applied Insights
Ellen Cornillon 110000K9SX firstname.lastname@example.org Tags:  cloud saas software_as_a_service cloud_security 143 Visits
DAVID JARVIS 1000007UE6 email@example.com Tags:  security_essentials cloud cloud_security security 1,180 Visits
Senior Consultant, IBM Center for Applied Insights
According to the 2012 Cloud Computing Survey released this month by IDG, the number one barrier to implementing cloud strategies is security. A full 70% of respondents reported being significantly worried about it. More than service interruptions and other factors – unauthorized users getting access to data strikes fear into the heart of potential cloud adopters.
However, because of their flexibility, potential cost savings and ease of use, the allure of cloud computing is undeniable. So, what to do? How can we have cloud computing platforms that inspire confidence instead of instill fear?
It all starts with education. Everyone developing a cloud-delivered service becomes, de facto, an IT architect. Users must understand the risks and responsibilities in operating on a cloud, and follow a set of best practices that they respect and incorporate into their daily routines.
Second, we have to think in a different context – it needs to be more about securing information, rather than the security of physical devices and locations. If the information is secure by its nature, it doesn’t matter where it is, or what device it is on. The data has to be encrypted and available only to those who need access to it. Putting the onus on the data owner instead of the cloud provider is a good idea. Ponemon and CA released the results of a survey in May 2011 which showed that cloud providers didn’t make security their number one concern. The majority of cloud providers believed it was their customer’s responsibility to secure the cloud, not theirs.
Finally, this leads us to the importance of knowing and trusting the cloud vendor and the country the hosting data center operates in. Depending on the location of the data center, there are possible data rights issues and disruptions caused by political unrest, infrastructure issues or natural disaster. In the end, you’re investing not only in the cloud provider, but in a country as well.
The IBM Center for Applied Insights has been working with IBM’s VP of IT Risk to develop a series of eight articles on Security Essentials for CIOs, based on IBM's own experiences. The latest, the third in the series, is about what it takes for an enterprise to develop a secure cloud computing strategy.