Security roadblock to the Cloud; Un-wrapped

Posted on February 28, 2011


The biggest barrier to adoption of Cloud Computing methodologies being thrown at me by customers and the industry itself is currently Security.

It is like some magic wand. Mention the word security and it is like throwing up a Berlin wall, a line in the sand more like it that should not be crossed. When the reality is that the sand is no worse one side than the other, although I would say that for many companies and especially SME’s (Small Medium Enterprise) the difference may be as bad as the Berlin wall.

Working with a diverse client base and reflecting on them with a Systems Auditor (CISA) hat on security is a valid concern for companies considering Cloud Computing. But NOT for the reasons many would acknowledge.

If Apple’s stats are correct and 70% of businesses now use iPad’s and iPhones in the Enterprise then security as already been breached fundamentally, as these devices hold as much corporate IP as any notebook PC with hardly a fig leaf of security.

This reveals perhaps a home truth that there are few organisations with the capital and cashflow capacity to be truly competent in delivering security to the level of diligence they aspire to. Security is the whipping boy for organisations that seem to know no better, and the danger is it blocks innovative business change and adoption of a Cloud operational model, it’s time to educate.

Intrinsic to the Cloud Computing methodologies is the engagement of specialist organisations by Business to deliver key services at economies of scale and in an available, scalable and reliable way to levels of security that can deliver to the business aspirations.

All this is at the fingertips of business now. Services backed by service level guarantees that in general far exceed the capability or purse of the Business itself:

· A new age of corporate compliance where little existed before:

o Data Security – High levels of digital storage and physical storage protection.

o Disaster Recovery – Backup’s real time with restore services.

o Business Continuity – Cloud Computing means you could run your business from anywhere, so office fire, flood or other disaster event is not such an issue.

· Agility to adapt business at short notice with reduced internal IT friction.

· IT resources deployed to billable activities or value add, instead of non-billable as cost centres keeping the lights on internal IT systems.

And many more.

So if the security is actually not as big an issue as it is always played out to be, and there is a better way, what is going on?

In this context I see the two pillars underpinning this Security argument as Risk and Trust; these are what are rally at the heart of the issue, and the factors to be addressed in any Cloud Computing discussion.

Risk – Few organisations actually have a clear idea of what their risk tolerances are. Ask any Business manager and then compare his answer with that of the supporting IT department. In my experience these sit poles apart and represent a principle hurdle to business adopting cloud, as

Trust – That which lies at the core of client retention repeat sales and product commitment, a trust in a relationship and or quality deliverable.

To mitigate the security issue:

1. Qualify and quantify your REAL risk properly – Risk assessment.

2. Work with those you trust and if they cannot help it may be time to build a new relationship?