Cloud security fears called overblown, 'emotional' at IDC forum
IDC expects spending on cloud services to almost triple by 2012
IDG News Service - It may sound like heresy to say it, but it's possible to worry a little too much about security in cloud computing environments, speakers at IDC's Cloud Computing Forum said on Wednesday.
Security is the No. 1 concern cited by IT managers when they think about cloud deployments, followed by performance, availability and the ability to integrate cloud services with in-house IT, according to IDC's research.
Keeping data secure is critical, of course, but companies need to be realistic about the level of security they achieve inside their own business, and how that might compare to a cloud provider such as Amazon Web Services or Salesforce.com, forum speakers said.
"I think a lot of security objections to the cloud are emotional in nature, it's reflexive," said Joseph Tobolski, director for cloud computing at Accenture. "Some people create a list of requirements for security in the cloud that they don't even have for their own data center."
That was the experience of Doug Menefee, CIO at Schumacher Group, which provides emergency-room management services to hospitals. The company is in the midst of a project to migrate most of its applications to hosted, cloud-based services.
"My IT department came to me with a list of 100 security requirements and I thought, 'Wait a minute, we don't even have most of that in our own data center,'" he said in an interview at the forum.
Schumacher Group takes security seriously, Menefee said, but as a midsize company with only three IT staff working full time on security, he trusts large cloud providers to do it better. "We get the same level of security with Salesforce.com as any large company using that service," he said. "I'm using the economies of scale."
Schumacher Group stores sensitive data only with providers that comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA), Menefee said. He recently started a project to deploy Google's online productivity tools, but Google is not HIPAA-certified, "so no patient data gets stored there," he said.
He also noted that Schumacher Group is not a publicly traded company, and its legal requirements for security are less complex than for public entities. Some large enterprises, especially in areas like finance, will have greater concerns about security, noted Jean Bozman, an analyst at IDC.
Still, one audience member, admitting that the idea was "counterintuitive," said security concerns may actually drive companies into the cloud.
"It is becoming almost impossible today to secure the enterprise, the cost and complexity are moving so fast," he said. "If you go to the RSA [security] conference, the major vendors will tell you every year that their next release will solve all these security problems that you have today. But they never do."



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Five Myths of Cloud Computing
- This white paper separates fact from fiction, reality from myth, and, in doing so, will aid senior IT executives as they make decisions...
- IBM Synchronizes its Commerce 2.0 Strategy with 'Smarter Commerce' Initiative
- On March 14, IBM announced "Smarter Commerce", a strategic initiative that addresses the surging market for Commerce 2.0 solutions that take advantage of...
- TechRepublic: Cloud Computing - Potential Value for Your Company?
- Content provided by Google
Imagine a world without the hassle of licenses and hardware management - cloud computing makes this possible. Learn more about... - Forbes: Enterprises Set Their Strategies for Cloud Computing
- Content provided by Google
This Forbes Insights paper shares how enterprise companies are still crafting their strategies and testing their options to determine if... - HBR: What Every CEO Needs to Know About the Cloud
- Content provided by Google
This Harvard Business Review article explains the Cloud and its benefits, highlights the implications of various concerns, and makes recommendations...
All Cloud Computing White Papers
- Live Webcast
Integrated IT Operations Management in the Cloud - Join award-winning technology editor Stan Gibson and Andrew White, CMO at Numara Software, to learn how asset management and service management are converging...
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- De-risk Deploying Business Critical Apps in Your Private Cloud
- Architect your private clouds to ensure that application requirements for performance & availability are achieved with minimal risk to the business.
- Navigating the Public Cloud
- InfoWorld contributing editor and consultant David Linthicum offers expert advice about choosing services to outsource to the public cloud providers, cloud data security...
- Integrated IT Operations Management in the Cloud
- Join award-winning technology editor Stan Gibson and Andrew White, CMO at Numara Software, to learn how asset management and service management are converging...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as... All Cloud Computing Webcasts
By Chris Poelker
Instead of bulk capital expenditures for large servers and storage arrays, you can purchase computer time based on actual usage of CPU cycles and storage by the number of gigabytes or terabytes used. But here are ten things to consider before you jump into the cloud. Insider (registration required) more