Is ‘Cloud’ Computing Secure?
‘Cloud’ computing has grown by leaps and bounds in recent years. Every day brings news of some acquisition, some investment, and some innovation in this space. What started as a mere snowball has gradually acquired the proportions of an avalanche with all the big boys of the Information Technology putting in big money in ‘Cloud’ computing.
From Microsoft to Google to late-entrant Oracle, everyone has their fingers in the ‘Cloud’ computing pie. However, concerns still remain, chiefly regarding security. Several companies have put off moving to the ‘Cloud’ simply because of security concerns. Otherwise, ‘Cloud’ computing with its pay-per-use and on-demand model seems to be a win-win situation.
Security is a major consideration today, and not only in the physical world. Enhanced security concerns may lead to stringent, and often unwelcome, TSA checks at airports, but it also affects the adoption of new technologies like ‘Cloud’ computing. Especially if that technology is based on the internet, where literally, anyone with a modem and ADSL connection can log in. The recent Wikileaks controversy hasn’t helped matters as regards acceptability of ‘Cloud’ computing.
Many opponents of ‘Cloud’ computing say that the technology’s presence on the Web makes it open to attackers worldwide. What they fail to realise is that isolated data centres, as was the norm before the advent of ‘Cloud’ computing, aren’t immune to hackers either. In fact, the modular nature of ‘Cloud’ computing may actually limit damage due to such attacks over the Internet.
With isolated data centres, it’s the old “all eggs in one basket” scenario and we all know how that ends if the basket falls. On the other hand, with ‘Cloud’ computing, you are actually placing your eggs in different baskets. Even if one or more of those baskets fall, you have others to fall back on. Therefore, it is clear that being on the Web is not necessarily a disadvantage for ‘Cloud’ computing.
Of course, if your isolated data centre is isolated in the true sense of the word, that is, not connected to the Internet, you are safe from online attacks. But are you truly safe? Think again. How about a disgruntled employee who slips in with a USB drive, downloads confidential information and then passes it along to your competitors? Remember, confidential diplomatic messages released by Wikileaks were not obtained from an unknown hacker, but a US Army soldier who simply walked in and downloaded the data onto his music CDs.
Does this mean that business’s security fears about ‘Cloud’ computing are unfounded? Not really. But instead of suspecting the technology, perhaps they should be looking more closely at the providers. Here’s why.
In spite of all the literature of “being on the ‘Cloud’,” ‘Cloud’ computing is based out of data centres, quite similar to the ones that support companies’ internal resources. Granted there are multiple data centres at work here, but at the end of the day, they are still data centres. And like all data centres, they are susceptible to security issue like data theft, natural disasters, etc. While the redundancy of multiple data centres does restrict problems due to natural disasters like fire, data theft cannot be ruled out. And this is where the trustworthiness of service providers comes in.
“Can I trust my ‘Cloud’ computing service provider?” – This is the question a business should be asking itself, rather than, “Can I trust ‘Cloud’ computing?” If the business feels that its own data centres are more adept at safeguarding data than its service provider, then its security concerns regarding ‘Cloud’ computing is justified.
This means that a business has to be very careful in choosing its ‘Cloud’ computing service provider. However, a vetting process is natural when selecting a vendor or provider of any service, and thus, ‘Cloud’ computing is no different. Granted, the vetting process may be more stringent than when choosing a stationary supplier, but essentially, the procedure is the same.
A service provider can remain in business as long as it can keep its reputation intact. Therefore, any provider which has been deficient in safeguarding its clients data will fall by the wayside by natural selection. Even a ‘Cloud’ computing pioneer like Amazon has faced flak for removing Wiki Leaks’ data from its servers citing breach of contract. Therefore, for a business it is important that the contract fine print is closely examined before it signs on the dotted line.
At the end of the day, while we would not go so far as to say ‘Cloud’ computing is completely secure, we believe that it’s secure enough for most companies. The fact that no IT system is completely secure, not even the internal data centre with multiple firewalls, restricted access and housed in a fire-resistant, earthquake-proof building.
Of course, with the technology undergoing improvements by the day, waiting for a few months may not be wrong. At the same time that has to be weighed against possible benefits that the business will lose out on by moving to the ‘Cloud’. In other words, ‘Cloud’ computing should not be considered untouchable simply because of security concerns, but all arguments weighed before a final decision is taken.
Remember, if you truly want a system that is 100% secure, perhaps you should look at getting a personal computer that remains at one place in your home, is not connected to the Internet, does not accept external media like CD’s and flash drives, and to which only you have the password, where it is kept in a bank safe. But then again, that wouldn’t help you, or your business, do much work! ‘Cloud’ computing is here to stay, and in all probability, is going to revolutionise how we do business.
For more information on how you can benefit from the ‘Cloud’ please contact our Solutions Consultants on