Looking at the narrative about cloud computing risk continues, it seems there is almost too much work to be done to turn the tide. Among the various concerns is the latest focus on security, and a recently released survey released by ISACA does not help those impressions. Just look at the headlines like "Survey Finds Cloud Computing Risks Outweigh Benefits" and "Cloud Computing is a risky business: IT managers" – Would you propose this to your boss if he might have read this? I have been making these exact same points for some time now.
These impressions are out there, but fear not because IT managers, CTO’s and business at large will take time to get familiar with the concepts and it will change.
What you’ll find is that many times in regards to security, only when faced with regulatory compliance is the matter actually considered. Let’s face it – there are organizations that are going to play the cloud thing loose and right now with all this chatter it is way too easy to blow the whole thing off as "general concerns". If you read this website and many others out there, you know that there are ways of doing this right. Security, compliance, HA, it is all out there and there are many blazing the way.
Some of the keys we well know are diligence, definition, and vision and that applies to what providers, technology and resources you implement. Some people just need this made easy for them and that’s where we are at.
The Knowledge Gap
Another thing we are looking at here is a knowledge gap – one where all aspects of risk must be addressed by the movement. Disclosure on matters of multitenancy, SLA, governance, auditing, logging, and so forth are critical to the continued growth into the IT market. This should serve as a clarion to focus on a trusted standard. I found the following post from Jim Reavis from the Cloud Security Alliance very interesting:
..as Bill Brenner of CSO put it, “Given how expensive it is to maintain in-house hardware and software, the idea of putting one’s IT infrastructure in the cloud sounds downright heavenly.”
Unfortunately, this “heavenly” scenario is marred by real concerns about security – concerns which can range from network security basics like data integrity and identity management to abstruse questions of “local law and jurisdiction where data is held.”
Yes, cloud computing is changing everything from data center architecture to entire business eco-systems. However, as a new paradigm the many complex questions it poses, particularly when it comes to issues of security, governance, and compliance, are effectively preventing (or at least slowing) its widespread adoption.
Cloud technology can solve real problems faced by organizations and enterprises today and will play a major role in the evolution of IT infrastructure going forward. The continuing growth of this field will benefit everyone.
Nevertheless, the speed of this evolution, and the rate of innovation fostered by the cloud more generally, will absolutely be determined by the rate of cloud adoption.
The emergence of a generally accepted cloud security “seal of approval” should allay many of the concerns that stand in the way of this adoption and, ultimately, open the door to a future of practically unlimited opportunity.
Could CSA’s certification provide that standard? It would certainly seem so.