Matthew Hall July 02, 2012
Mitigating risk in the cloud is top priority for businesses buying services
Who should you trust with your data when every cloud promises a silver lining?
While vendors claim cloud computing is more secure than on-premise data centres others suggest only user experience will eventually allay security fears to break down adoption barriers for wary enterprises. After all, who now keeps cash under a bed?
Cloud computing refers to computer resources that can be turned on or off and scaled up or down, depending on demand. It is increasingly used by businesses to supplement or replace their on-site computing facilities.
Companies such as Google, Amazon Web Services, HP, Microsoft, Fujitsu, IBM and Oracle offer cloud services for businesses and government agencies.
According to HP's Thomas Ryan, the comparison with banks – trusting a second or third party with important material – resonates.
"It's human nature to be leery of change and to let the other guy go first," Ryan says. "In the early 1900s, everyone kept their money in their mattress and then somehow everyone began to trust the central bank.
"Now, no rational person would think about stashing their life savings in attic of their home. It's a matter of timing and a matter of building trust."
Then again, as a cloud services provider, Ryan would say that. On the flipside, users suggest the best way to build trust in developing technologies is simple – take responsibility and employ normal risk management procedures before making a jump.
Ben Issa, head of IT strategy for ING Direct, says while his company has been an early adopter and employed cloud solutions for several projects, including the recently launched Bank-In-A-Box - a virtual clone of the bank's infrastructure used for testing and provisioning new applications -, cloud is not used "for the sake of it".
"The organisation had a clear business problem and IT responded with a solution," says Issa. "Just like any project, fears or uncertainties were managed as risks and mitigated in accordance with our delivery processes. The risks with being an early adopter were mitigated by internal processes and research.
"We have processes and capabilities in place that can safely accommodate early technologies to substantiate any fears or risks," he adds. "The design of our private cloud solution is simple and straightforward which significantly helps in managing any risks and fears upfront."
Still, trust remains a challenge for cloud adoption. A Telstra survey of almost 200 large organisations across Australia discovered data sovereignty and security were primary concerns for its customers.
Telstra pitches its local secure data centres as a solution for those concerns. However, for some observers, it is only a matter of time before something, somewhere, goes wrong and the industry faces some rigorous legal tests.
"Something is going to happen," predicts Douglas Heintzman, director of strategy for IBM's collaboration solutions division in New York.
"It is going to end up in court or it is going to be out in public and we are going to have to get serious about security and making sure that those things aren't leaking when they shouldn't be and intellectual property is handled appropriately."
If that's not enough to be concerned by, Heintzman believes it's not only in securing private data where trust comes under threat – the veracity of public data must also be trusted.
Apple's Siri potentially getting an obscure sports result incorrect or a doctor cloud-sourcing an inaccurate cancer diagnosis are two opposite examples of potential misinformation that underline how important trusting data must become.
"So many of us are getting so much of our information from little bits and pieces," says Heintzman. "I read something on a blog and suddenly it's news. Just because it is on the internet doesn't mean that it is true.
"Along with privacy and security, I think we need to introduce the concept of [data] trustworthiness as one of the major pillars of the nature of content and how it needs to be secured."