Three security issues loom large over the future of cloud computing. First, what control can corporate security exercise over applications and services provided via cloud? Nobody likes being held responsible for something they have no control over. Second, how does IT Leadership convince everyone that corporate applications & services sent over the cloud are just as secure now as they were BC (Before Cloud)? Cloud vendors have to be able to deliver apps and services with the same or BETTER security, otherwise they shouldn’t be in business, right? But how do you demonstrate that? More importantly, how do you get your cloud providers to show they aren’t vulnerable? In his blog on the TCO of Cloud, CIO of DeVry Eric Dirst, gives his experienced perspective on the value of testing the vulnerability of a cloud provider yourself rather than relying on the vendor to do it and report on itself. And third, will security in the cloud satisfy federal compliance requirements. Government red tape and watch dogs still exist, regardless of which political party is in charge at any time.
Cloud is a maturing industry, but replacing legacy technologies and processes with a new outsourced paradigm is anything but simple and fraught with risk. Certainly, security is one of the biggest headaches. How do you do it right and minimize risk? Some practitioners are looking into maturity models. Maturity models for various processes have been around for a while, and it would seem that such a model with milestones could help, however, there is disagreement over whether some sort of 5 stage maturity model can help to actually achieve corporate cloud nirvana.
Ultimately, the transition to the Cloud comes down to not just saving money, even if just in the longer term, but improving service and reliability by outsourcing to a provider with expertise in delivering a particular service. As for security in the cloud, that security depends on whether your Cloud provider is keeping pace beyond you in the newest, most advanced security technologies. If corporate IT was able to satisfy federal and other regulations, certainly it is not unreasonable to expect a Cloud provider, who’s bread and butter is delivering a specific service, to stay abreast of the latest and greatest security advances guaranteed to exceed regulatory needs.
What are your top concerns about Cloud computing? Take our survey here, and let us know. Meanwhile, please tune in to hear Dan Lohrmann, CSO, Michigan Department of Technology, Management & Budget (DTMB), State of Michigan and other guests discussing “How to enable Secure Cloud Computing” this November 16th, at 9AM Central, 10 AM Eastern, 7AM Pacific Time.