Are you confident your data would be safe in a cloud application hosted by a third party?
If you said "No," you're with the majority of users who responded to a little poll presented by a member of a LinkedIn group dedicated to cloud computing. Apparently, 72 percent of the 33 respondents think third-party clouds (any public cloud, in other words) can't be trusted.
"Data in the cloud is like a bank locating its safe in a public park," one group member wrote in a comment below the poll. "It doesn't matter how good the locks and bolts are on the safe, it is there in public with easier access than in the bank's basement. It is being guarded by someone who does not work for the bank and doesn't give one whit about the bank, its customers or the contents of the safe."
Apparently, many IT professionals agree with this view, despite the evidence (presented here and elsewhere) that cloud services are increasing in popularity and adoption.
Indeed, even though private clouds are gathering steam, services based entirely on third-party hosting are still off the menu for many enterprises, which just don't have confidence in leaving their precious data on someone else's remote servers.
The lack of control over who is minding the cloud facilities was the impetus behind Google losing its bid to provide Google Apps to the City of Los Angeles. Law enforcement officials just weren't convinced of the security of data on Google's servers, even though Google reportedly offered guarantees about who would be handling that data.
Some folks think adding a layer of supervision ensures a higher level of safekeeping for cloud data. For example, Service Organization Controls from the American Institute of Certified Public Accountants (AICPA) standardize best-practices for ensuring that outside parties remain trustworthy stewards of data.
Experts say standards don't guard against every malicious insider. Still, Mary E. Shacklett, an IE contributor and the president of the consulting firm Transworld Data, told me in an email today that it is possible to make third-party clouds safer. "Plug in enterprise best practices for data safekeeping. There is no rocket science in this. The best practices have existed for years."
According to Shacklett, some cloud providers have only themselves to blame if they aren't taking user concerns seriously enough to tighten up their own security. "I continue to hear from cloud providers themselves that they don't have SLAs in place for their own internal operations," she wrote. "The cloud providers that specialize in industry-specific solutions (e.g., payment services for oil and gas; supply chain for retailers; resource provisioning for finance) all get their security audits done and abide by industry regulations. The commodity cloud services... I would be leery of."
Ultimately, CIOs will have to choose between the cloud and their own organization. As one LinkedIn commenter put it, "True disconnectedness/data isolation would be the only one hundred percent reliable answer (as non glamorous as it is)."
Haha, well said, Chuckgregory! Your comment that no online solution can really be trusted was basically echoed in the message thread that inspired my blog. The truth seems to be that many IT folk don't fall for reassurances, but they are willing to take calculated risks, perhaps first with data that isn't completely mission critical or confidential.
I pretty well agree that third party clouds can't be trusted, but I plan to use them anyway. Why? Because I don't think there is any solotion that can be trusted. I don't think the public clouds are much, if any, worse than just about any other place we store private data. So, I say, do your best to protect it but don't ever think it is really secure. If random hackers, disgruntled insiders, or 'anonymous' don't get to it, the NSA probably will...
All true. But he still does not come out and say what he thinks about whether public clouds are or aren't sufficiently secure. Otherwise, why do we need standards? Do enterprise CIOs simply need them for reassurance?
I think the following statement sums up the arguement the writer;
"It is this mindset, in my opinion, that places so many large organizations at odds with public cloud. No matter which major form of public cloud you are considering, the internal cultures and processes of large organizations are poorly suited for extension into the cloud."
In essence the author is just alluding to the fact that even though some of the concerns about public clouds are legitimate, most of them are just the product of an organizational mindset of corporate IT that is at variance with the basic propositions of public clouds. So in other words even if cloud providers can make public clouds as securely as is technologically possible,corporate IT distrusts with Third-Party Clouds won't go away anytime soon.
With all due respect, I can't figure out what the author is really saying. It seems he echoes what a lot of vendors and consultants say, to wit: "Public clouds ARE just as secure as anything else right now. Try it!"
Without SLAs and security standards nailed down, though, public cloud providers will be viewed by IT as giving empty promises.
Not sure I agree, Paul. Security risks are great on or off site, but if IT can see it and visit the equipment and software at will, it's likely to inspire a bit more confidence. Also, it doesn't help if public cloud providers aren't able to meet SLA requirements and/or supply guarantees about the level of security they provide.
Actually, I think enterprises have fears that don't result from security news stories, though they are strengthened by them. The truth is, IT doesn't like to cede control to any third party, since IT is always accountable and it's "safer" to be able to deal directly with the equipment and software that houses and handles one's data. Some in IT even feared virtualization because they couldn't associate it with a specific location in a system or server.
All that said, I think the situation is likely to improve as public cloud providers continue to prove themselves trustworthy, and IT gets used to the idea of working with them.
I came across this article that explains why the cultutal mindset of large organization will always distrust the cloud:
"Any finger-pointing, however, appears to be equally directed toward both legitimate potential risks and the very vendors that supply a large organization's IT needs. It is this mindset, in my opinion, that places so many large organizations at odds with public cloud. No matter which major form of public cloud you are considering, the internal cultures and processes of large organizations are poorly suited for extension into the cloud."
I think we are just trying to heap unrealistic expectations on Third-Part Cloud service Providers with this constant talk on security. The truth is that even private clouds are not as secure as we are made to believe. The basic axiom of these third-part cloud servivces is that the providers of these services are better equipped to secure our data than what we can individually do for our networks.
There is always an inherent risks associated with cloud services be it in-house or third-party. People who are still skepticalofthe viability of cloud computing are still holding to these parochial fears that public clouds are not to be trusted.
Well I guess it's because there were certain issues which did caught a lot of user and media attention. Anyway basically these days users are very various when it comes for 3rd party stuff due to security issues
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Before entrusting bet-your-business applications to the cloud, organizations need to ensure that service providers guarantee the apps will be available. The key to doing that is a strong Service Level Agreement (SLA).
IBM today said it will acquire SoftLayer Technologies, the largest privately held cloud computing infrastructure provider. IBM plans to leverage SoftLayer's expertise serving "born-on-the-Internet" companies to both broaden IBM's customer base and help better serve enterprise customers with cloud services.
The emergence of cloud puts IT in an awkward position familiar to seasoned pros: Business employees are bringing in new technology through the back door, without seeking permission from IT or even letting IT know it's being done.
Precor, which makes exercise equipment for gyms and homes, needed to transform itself into a cloud services provider in order to keep up with the changing demands of its customers.
Like other leading technology-using businesses, Walmart is starting to look like a vendor in its integration of the latest technologies to serve its customers. That's what led it to buy two Silicon Valley cloud startups this week.
All the recent hoopla about cloud security overlooks an important point, which is that it's not strictly a cloud problem. The linkage of online services into cooperative chains creates the risk, and only biometrics and federation of providers can save us.
Enterprises are discovering that using social networking within the secure setting of a SaaS provider's network gives them an unusual opportunity to freely collaborate with partners, suppliers, and even competitors.
Microsoft's recent decision to bundle its Office software with business partner offerings indicates that cloud software may be in the news, but licensed packages are still in demand for failover.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Multi-tenant clouds assure security for clients, but not necessarily for their ideas. Here's one thing you should discuss with your cloud provider before you sign on.
The Amazon smartphone rumor and the Apple mini-iPad rumor show that the mobile device giants think they have to be in all the device spaces to win. Why? Because the cloud can create an ecosystem where every device can cooperate to support the user, and if you don't supply all the devices you miss out on the total value.
Less than a year ago, we were debating whether private or public cloud would prevail. Private cloud now appears to be a clear favorite. The reason? Organizations of all sizes are getting comfortable with cloud, and vendors are providing solutions that make the adoption of private cloud straightforward and less risky.
65% of CIOs are on board with cloud, but 55% are still thinking about it. Risk is the major barrier to entry. Cloud purveyors can help to address this by providing turnkey cloud solutions targeted at specific vertical industry markets.
Security issues are all over the media today, along with condemnation of hackers who "create" them, but the sad truth is that only one enterprise in eight says it would submit to a public security audit. We need to get serious about this issue as we head into the cloud era.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
