Whether it's a cloud provider or conventional hosting environment, outsourcing any aspect of your IT infrastructure comes with risk, from general availability to security concerns to complex regulatory issues.
Security tops the list of concerns with cloud computing, cited by 57% of respondents to an InformationWeek survey of business technology pros, ahead of application and system performance, the financial viability of the provider, and the provider's business continuity readiness.
In theory, a cloud provider's IT operations and security practices should be top-notch, because running data centers is its entire business. You pay it to have that expertise. Nine of the 12 providers have SAS 70 Type II security certification. The same number also undergo security assessments either by a third party or internal security team. But only five of them make the results of those assessments available to potential customers.
We've addressed some basic security issues in our table, but customers must drill down further. For example, firewalls are essential, but what about the provider's application development life cycle? Does the provider practice secure application development to ensure a minimum of bugs and potential vulnerabilities in its applications? What are its policies around scanning for and patching critical vulnerabilities? Can the provider ensure that your server instances, and the data associated with them, will remain in a specific location? These are just the questions to start the conversation.
This summer has set the stage for a transformation in public cloud computing. A market once dominated by plain-vanilla, dirt-cheap Web hosting is segmenting as new models emerge to address uses from testing and research to critical applications and sensitive data--all at a higher price point, of course. We can expect further segmentation around price, security, availability, and expertise as the public cloud matures and adoption increases.
In a year's time, don't be surprised if the toughest question has shifted from "Should you be using infrastructure as a service?" to "How are you managing the workloads you have running among different cloud providers?"
Photo illustration by Sek Leung