Are security issues delaying adoption of cloud computing?
"Yes, security is one of the concerns about cloud computing that is delaying its adoption," says Eric Mandel, CEO of managed hosting services provider BlackMesh in Herndon, Va. "One of the biggest security concerns about cloud computing is that when you move your information into the cloud, you lose control of it. The cloud gives you access to the data, but you have no way of ensuring no one else has access to the data. How can you protect yourself from a security breach somewhere else in the cloud?"
Security concerns will continue to keep some companies out of the cloud, Mandel acknowledges.
Symplified, a start-up providing a cloud-based security service that extends enterprise access-management controls to cloud computing, agrees there's a strong sense of heightened risk.
"We find the focus is on the credentials. It's the key to the kingdom and we find there's a reluctance to have the keys in the cloud," says Eric Olden, CEO at Symplified. He says the providers of cloud computing would further their own cause if they offered more "transparency" in what occurs in the cloud-computing environment.
Burton Group analyst Eric Maiwald, who also contends cloud vendors could be more forthcoming about their security practices, cautions there's a long list of security issues that should be resolved before businesses jump into cloud computing, even if they see cost-savings as a primary driver.
These include how data may be encrypted and stored, how e-discovery can be done if need be, what controls there are and whether the cloud provider has passed a SAS-70 audit.
Dick Mackey, analyst at consultancy SystemExperts, says cloud computing is "a difficult choice for any company considering the platform for protecting sensitive information" because of "the inability or unwillingness of cloud providers to give assurances of the controls surrounding computing resources."
He also argues "it would be difficult to impossible to achieve Payment Card Industry (PCI) compliance in a cloud provided by a service provider given the requirements for understanding precise system and network configurations and controlling access to the systems and the credit-card data."
Vendors aren't standing idly by. They recently formed a Cloud Security Alliance to address just the sort of concerns IT security pros say they have.
Network World
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
cloud computing
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
