The Macrosite for News, Analysis and Opinion about the Future of the Internet
DISCUSS   PRINT   Digg   Del.icio.us   Reddit   Email This   TWEET THIS

Cloud Security

Introduction
11/7/2009 1 comment
no ratings
1 saves

Before the Los Angeles City Council gave Google (Nasdaq: GOOG) a $7.25 million contract to provide email as an online service for the city’s 30,000 employees, it put Google through the wringer over information security.

The Los Angeles Police Department and the city attorney’s office were concerned that any confidential information in email messages might be exposed if it were stored in the cloud, meaning on Google’s servers instead of the city’s own data center. The City Council echoed a concern heard in business boardrooms around the country as they consider cloud computing: “Security was one of the leading issues,” says Eduardo Hewitt, legislative deputy for City Councilman Tony Cardenas.

To win over the council, Google had to meet a laundry list of special security provisions, including:

  • Fingerprinting all employees working on the project for Google and Computer Sciences Corp., which will set up and manage the service for Los Angeles
  • Encrypting data in transit
  • “Sharding” the data at rest, with pieces stored on separate drives, so someone needs an application and encryption key to put the pieces into a readable format
  • Storing all of Los Angeles’s data within the United States
  • Limiting access to the data to Google and CSC employees who meet the city’s clearance requirements

Google also is offering minimum damage payments for various mishaps, including a confidentiality breach, faults in the network resulting from the actions of Google or CSC, or the personal injury of a city employee or contractor caused by Google or CSC. The amount of the damages payable in such instances is still being worked out, says Kevin Crawford, LA’s assistant general manager of IT.

Why did the city need such measures, some of which exceed enterprise cloud computing deployments? “It was because of the newness of the product for the public sector,” says Crawford. Various city agencies and constituents simply weren’t convinced of the safety of cloud computing, so they demanded the additional stipulations. But Crawford says the city didn’t pay extra for them, and in fact negotiated discounts off Google’s list prices. “We’re still getting 40 percent off retail,” he says.

Jitters over the security of cloud computing, including concerns about its “newness,” are by no means limited to the government sector. When InformationWeek Analytics asked 547 business technology pros what worries them about cloud computing, security concerns grabbed the top three spots, far outpacing issues of performance, disaster recovery, or vendor lock-in:

Cloud computing is getting considered because companies and government agencies are keenly interested in the lower licensing and staff support costs that cloud services promise. Faster deployment also works in cloud computing’s favor. Yet security plays the foil to cost savings, and for many companies, security concerns end up sinking any move to the cloud.

Gartner Inc. predicts companies will spend about $10 billion this year on two types of cloud computing: infrastructure as a service, where companies buy raw computing power as needed, and software as a service, where they pay a subscription for online access to software, ranging from email to CRM to business intelligence.

While companies can subscribe to an ever-widening array of cloud services, IT departments don’t have the same long history that they do with on-premises software, so they aren’t as confident of where pain points such as security flaws may be. What new intrusion points are introduced? How can a company be sure that its data sitting in the vendor’s data center is safe? When should information be encrypted? In our survey, 57 percent cited “security defects in the technology itself” as a top concern with cloud computing, more than any other concern.

Standards and best practices for cloud security are just emerging. “Security is and always should be a top consideration when companies are examining cloud services,” says Steve Cakebread, former president and chief strategy officer at Salesforce.com, who’s now on the board of eHealth, an online health insurance reseller, and Solarwinds, a network management vendor.

To understand potential security risks, companies must complete a thorough examination of a cloud service – beginning with the networking layer, checking out the provider’s operations, and working up to the cloud application.

While there isn’t the same kind of well established, best-practices security checklist for cloud computing that there is for on-premises IT systems, here’s one concept to bank on: It’s still the user organization, meaning the IT teams that contract for cloud computing, that will be held responsible for the security of the data and apps they put in the cloud. “In the end, regulators will come after our IT department, not the cloud service provider, if security problems arise with our data,” says Ash Patel, global CIO at Aon Consulting, one of three business units within Aon Corp., a $7.4 billion-a-year insurance consulting and service provider.

Table of contents:

— Paul Korzeniowski is a freelance writer who has been dissecting technology and business issues for two decades.

— Mary Jander, ThinkerNet Editor, Internet Evolution

Next Page: Lower Costs, Simpler Operations
Channel:
Tags:
DISCUSS   PRINT   Digg   Del.icio.us   Reddit   Email This
Page 1 of 8 Next >
Current display:       newest comments first       display in chronological order
rjacksix
IQ Crew
Tuesday November 10, 2009 6:11:39 PM
no ratings

I fail to see how the issues around cloud security are any less (or more for that matter) than the concerns of outsourcing any aspect of IT.  Perhaps it's the name.  "Cloud" really doesn't sound stable does it?  And yet Amazon, Google and even Microsoft have far more experience in keeping their infrastructures running, and secure, than most other organizations, especially SMB's.

What is the hang up?  Granted, I think any organization should walk before they run into this arena, but we've been outsourcing computing resources and storing data on computers of such companies for years.  Certainly you have to make sure that the outsourcing company is reputable and that they have resonable hiring and security practices.   But who is more capable of doing this right, an organziation with the size and experience of Google or Amazon, or even a 200 person SMB (or 14,000 user state government for that matter)?

I'd put my money on the Google (who, if it isn't obvious by now, I do not think of as evil) Amazon or any other large well funded well managed IT innovation company.

I would be cautious about putting my data on Cloud-R-Us (can you say Internet bubble?) but I don't have any reservations about moving to the cloud, or the security of it.

The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
a moderated blogosphere of internet experts
Dan Cypra
Dan Cypra   11/20/2009   2 comments
A picture is worth a thousand words, or so the old saying goes. So understanding how to use images in e-newsletters effectively is quite important. Here are a few tips to ensure that your images in email newsletters work to your advantage.
Gordon Haff
Gordon Haff   11/20/2009   Post a comment
Arms merchant or army? That's a fundamental question for vendors in the cloud computing space. Do they just sell their tooling to any and all comers, who then become the actual purveyors of hosted infrastructure, developer platforms, and software? Or do they offer their own cloud-based services, perhaps even keeping much of their technology in-house for competitive advantage?
Mary E. Shacklett
With the value of toxic assets on the rise, large U.S. and European banks face many challenges on the road to recovery. Sharing key information may help these firms effectively track the way forward.
Matthew Fraser
Matthew Fraser   11/19/2009   5 comments
Most of us go through life knowing that we’re expected to learn from our mistakes and improve. Those who are more conscientious about learning and personal improvement usually reap greater rewards.
Mike Moran
Mike Moran   11/19/2009   11 comments
Marketers are known for exaggerated claims and stretching the truth just a wee bit. But most marketers I know truly believe in what they sell. Their aggressiveness is based on a confidence that what they are promoting truly benefits the customer.
IETV: the thinkerNet on film
5
of
2pm EST
Tue
Dec 1st
an IBM information resource
sponsored content
big blue blog
Todd Watson
Todd Watson   11/20/2009   Post a comment
While Google introduces its new Chrome OS (which I'm hearing will be widely available in one year?  Did I mishear that?), IBM announced 10 new products today to help companies using IBM System z mainframe technology.
white papers & case studies
an IBM information resource
sponsored content
Smarter Collaboration: How to Thrive in a Challenging Business Environment
Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success.
READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE!
REGISTER HERE
Wanted! Site Moderators
Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?

Please email: moderators@internetevolution.com
Copyright © 2009 United Business Media Limited - All rights reserved.      About Us  |  Privacy Policy and Terms of Use  |  Contact Us
CMP Media LLC
Internet Evolution – not for thickies
To Cloud or Not to Cloud: IT Vendors Ponder the Question
Gordon Haff
Arms merchant or army? That's a fundamental question for vendors in the cloud computing space. Do they just sell their tooling to any and all comers, who then become the actual purveyors of hosted infrastructure, developer platforms, and software? Or do they offer their own cloud-based services, perhaps even keeping much of their technology in-house for competitive advantage?
CLICK FOR MORE
Groups Join Fight to Keep Big Brother Offline
Don Reisinger
Much has been made over the possibility of the U.S. government spying on Web users. There is a fear that through advanced technology, loopholes in federal regulations, and sheer gall, government officials will engage in acts that put the U.S. citizenry at risk. But whether or not the government is actually engaging in any activities online that puts its intentions into question is up for debate.
CLICK FOR MORE
Banks Cooperate for Better Risk Analytics
Mary E. Shacklett
With the value of toxic assets on the rise, large U.S. and European banks face many challenges on the road to recovery. Sharing key information may help these firms effectively track the way forward.
CLICK FOR MORE
How to Score, Not Bore, With Web Newsletter Graphics
Dan Cypra
A picture is worth a thousand words, or so the old saying goes. So understanding how to use images in e-newsletters effectively is quite important. Here are a few tips to ensure that your images in email newsletters work to your advantage.
CLICK FOR MORE
what.the.ferraro
Facebook Lacks Social Skills
11|20|09   |   1:53   |   No comments

Facebook's 'Suggestions' for users demonstrate how little social networking sites understand about true social relationships.
Singer at C-Level
Smart Grid Opportunities
11|20|09   |   2:49   |   No comments

Industry initiatives and government stimulus funds are giving enterprise software vendors a great opportunity to help build out and manage smart grid technologies.
Tom Nolle
Total Telephony Transcends Telepresence
11|20|09   |   2:11   |   2 comments

The problem with telepresence is that it's not universally accepted, because video calling isn't. While we can all do video calling, we also apparently worry too much about how we look. If we want HD telepresence in our future, we have to dress down, mess up our hair, and dive into our online life.
what.the.ferraro
ThinkerNet Wins Min's Award for Best Blogs!
11|19|09   |   1:13   |   4 comments

ThinkerNet wins the Min's award for 'Best Blogs' – Internet Evolution's fifth award this year!
Full Nelson
SanFran.gov
11|19|09   |   8:51   |   No comments

Fritz has an exclusive talk with the mayor and CTO of San Francisco about that city's latest e-government efforts.
Robert D. Atkinson
America Has Much to Learn About Digital Piracy
11|18|09   |   2:09   |   No comments

The US loses about $20 billion a year on pirated software, movies, and music. But public policy can help stem the tide of digital theft. For example, France has recently passed a 'three strikes and you’re out' law, whereby if after two warning letters an individual continues to download pirated software then his Internet access will be cut off. US policy makers should consider adopting similar policies.
Singer at C-Level
Connecting Stakeholders: Part 3
Part 3 of 3   |   See complete series
11|18|09   |   2:09   |   No comments

Financial management planning does not need to include Voodoo economics, but it does help to tap into the knowledge base of your team through some sort of real-time system. We explore your options.
Reiter's Block
Tweeting for Customer Support
11|18|09   |   2:20   |   No comments

When Reiter gets incensed over incompetent Verizon FiOS order-taking and support, he broadcasts it via Twitter. Did it do any good? How should your company offer Twitter support? Watch this for all the answers.
what.the.ferraro
Dogster.com More Popular Than Gov 2.0
11|17|09   |   2:05   |   1 comment

A lot of attention is being paid to launching Gov 2.0 Websites, but these sites aren't attracting a lot of visitors.
Reiter's Block
Is the BlackBerry 9700 'Bold' Enough?
11|17|09   |   3:07   |   4 comments

The successor to the BlackBerry Bold 9000 – the Bold 9700 – will be available soon in the US. Is it worth upgrading? Reiter's got one, and offers advice.
TechWeb The Global Leader In Technology Media