July 19, 2011, 7:42 PM — It's scary out there in the cloud. Data thieves, hackers, criminals, they're all out there scouring the Internet around the clock for ways to get into your corporate networks so they can steal data from poorly protected businesses.
So how can your enterprise safely use the cloud and what do you need to know about protecting your data and infrastructure from the bad guys? Is it even possible that your business can safely use cloud computing?
None of these are simple questions, says Ara Trembly, principal of The Tech Consultant, an IT consultancy.
The first thing to do is to take a magnifying glass to your business and be totally honest with yourself as you review your organizational processes, security concerns and the value and importance of your business data, Trembly says.
"For some businesses, it will be inadvisable to use the cloud," Trembly says. "A business that uses data as its lifeblood" won't want to put that data out there where it would be more vulnerable. "Insurance companies are one of those businesses, as well as financial institutions, medical centers and doctor's offices."
The problem is that if these kinds of businesses don't have their critical data in-house where they can work to maximize its protection and minimize the risks, then they can't be certain that the security is as good as it needs to be. "It's so easy for HIPAA violations to occur. Not that they're all being prosecuted right now, but they could be,"
Will it ever be possible that enterprises with super-critical data security requirements like these could ever use the cloud, whether public or private? Or will these kinds of security challenges make that impossible?
"At the moment I would say no," Trembly says. "The problem with the cloud and with any online application is that online security is really pretty bad and I don't expect that to improve significantly. And the reason it is so bad is that information is sellable, so if someone steals it, they can sell it. I think that some people do say that these problems will be solved eventually, but I don't think so."
That's the real challenge for data security, he says, because the criminals can stay ahead of the white hats who are working to prevent the intrusions and hacks that occur on a regular basis. "They go after Social Security numbers and anything that allow someone to pose as someone else. Anything collected in the realm of industrial espionage is sellable."