Are you confident your data would be safe in a cloud application hosted by a third party?
If you said "No," you're with the majority of users who responded to a little poll presented by a member of a LinkedIn group dedicated to cloud computing. Apparently, 72 percent of the 33 respondents think third-party clouds (any public cloud, in other words) can't be trusted.
"Data in the cloud is like a bank locating its safe in a public park," one group member wrote in a comment below the poll. "It doesn't matter how good the locks and bolts are on the safe, it is there in public with easier access than in the bank's basement. It is being guarded by someone who does not work for the bank and doesn't give one whit about the bank, its customers or the contents of the safe."
Apparently, many IT professionals agree with this view, despite the evidence (presented here and elsewhere) that cloud services are increasing in popularity and adoption.
Indeed, even though private clouds are gathering steam, services based entirely on third-party hosting are still off the menu for many enterprises, which just don't have confidence in leaving their precious data on someone else's remote servers.
The lack of control over who is minding the cloud facilities was the impetus behind Google losing its bid to provide Google Apps to the City of Los Angeles. Law enforcement officials just weren't convinced of the security of data on Google's servers, even though Google reportedly offered guarantees about who would be handling that data.
Some folks think adding a layer of supervision ensures a higher level of safekeeping for cloud data. For example, Service Organization Controls from the American Institute of Certified Public Accountants (AICPA) standardize best practices for ensuring that outside parties remain trustworthy stewards of data.
Experts say standards don't guard against every malicious insider. Still, Mary E. Shacklett, an IE contributor and the president of the consulting firm Transworld Data, told me in an email today that it is possible to make third-party clouds safer. "Plug in enterprise best practices for data safekeeping. There is no rocket science in this. The best practices have existed for years."
According to Shacklett, some cloud providers have only themselves to blame if they aren't taking user concerns seriously enough to tighten up their own security. "I continue to hear from cloud providers themselves that they don't have SLAs in place for their own internal operations," she wrote. "The cloud providers that specialize in industry-specific solutions (e.g., payment services for oil and gas; supply chain for retailers; resource provisioning for finance) all get their security audits done and abide by industry regulations. The commodity cloud services... I would be leery of."
Ultimately, CIOs will have to choose between the cloud and their own organization. As one LinkedIn commenter put it, "True disconnectedness/data isolation would be the only one hundred percent reliable answer (as non glamorous as it is)."
— Mary Jander, Managing Editor, Internet Evolution