Cloud Security: Oxymoron?

Here's how some early adopters of cloud computing are approaching the problem.

Page 5 of 5

For example, the company encrypts data in transit and gives customers the option of either encrypting data at rest -- on Cloud Compliance's Amazon-hosted servers -- or not putting any data in the cloud.

The latter option involves a performance hit, since customers have to reupload data into the cloud every time an application is run, but some customers accept that trade-off in return for a higher level of security, Forkish notes.

Cloud Compliance's external customers do ask about Amazon's security, Forkish says. The concerns they raise change from month to month, depending on what vulnerabilities the press has been writing about, he adds. Cloud Compliance will either address their concerns or, if it can't, pass them on to Amazon.

"In some cases, we don't get a response, and we figure this is a real issue but they're working on it," Forkish says. But the Zeus botnet incident on Amazon, he says, "as far as we can tell, was not a threat over and above what we would expect for an Internet service, cloud-based or not."

Compliance Challenges

Public clouds add a whole new set of issues to regulatory compliance -- issues that providers, users and regulators themselves are just starting to look at. HIPAA and Sarbanes-Oxley privacy and data-retention requirements weren't designed with cloud-based services in mind.

"IT staffs have to figure out new ways to analyze and assess risk, and how to meet compliance requirements," Forkish notes. "Many compliance standards require being able to point to where data is, which is impossible with a cloud. And there's legal discovery -- getting access to data when required. Can discovery be done by a third party without your knowledge because it resides on cloud storage? These are examples of things I think will be worked out over the next couple of years."

In the meantime, Forkish suggests, many businesses, especially those in highly regulated industries, will entrust their sensitive data to private clouds or traditional managed services "and maintain the status quo."

And then there are the pioneers, like Logiq3's Westgate, who says he sees cloud computing as "a natural evolution of how we are managing systems." The key question about this evolution, he says, "is not why, but why not?"

Horwitt is a freelance reporter and former Computerworld senior editor based in Waban, Mass. Contact her at ehorwitt@verizon.net.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that first ran on Computerworld.com.

Copyright © 2010 IDG Communications, Inc.
