April 11, 2012, 11:31 AM — When customers sign up for an infrastructure-as-a-service (IaaS) plan from one of the many vendors in the market, usually a name and a credit card are needed before data is stored in the provider's cloud. But just what are public cloud providers doing with that information?
Security remains one of the chief concerns users have about deploying to the cloud, studies have suggested, and various providers tout their security features for protecting data in the cloud. IBM, though, may take that a step further by not just protecting data that's in the cloud, but also regulating which customers use its cloud services.
A blog post from Microsoft community website Redmond Channel Partner recently reported on an interview with an IBM executive who was quoted as saying, "An individual can't simply sign up with a credit card" to use IBM services. Rich Lechner, vice president of cloud for IBM's Global Technology Services unit, notes that IBM monitors the identity of each customer using its cloud service so that it knows "who is in the building," he says.
Are IaaS providers vetting data from individual customers before allowing it to be stored in their cloud? For most IaaS providers: Fat chance, says Alan Shimel, managing partner at the CISO Group, a consultancy.
"Do you really think they're doing a customer-by-customer review of who you are and what data you're putting up there on an ongoing basis?" Shimel asks. "Most likely not. The very nature of the elasticity of the cloud would make that nearly impossible, or at least cost-prohibitive." Shimel notes that he's not familiar with the security policies of each individual cloud provider, and those may change from vendor to vendor. But some of the large public cloud IaaS providers, he says, can't possibly keep tabs on all their customers.