The Cloud Reality Is Setting In - InformationWeek
12:31 PM
David Linthicum
David Linthicum
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

The Cloud Reality Is Setting In

A recent survey reveals that cloud computing fears regarding security, data management, total cost of ownership, regulatory and compliance issues, and vendor lock-in have actually increased...

Now that I work almost exclusively in the world of cloud computing, including SaaS, I see a much higher level of skepticism out there around cloud computing. This is best reflected by this recent survey, which highlights the fact that reality is setting in.

"The June 2009 survey, 'CIO On-Demand Services Survey,' reveals that cloud computing fears regarding security, data management, total cost of ownership, regulatory and compliance issues, and vendor lock-in have actually increased as compared with results from a similar survey in August 2008."

The driving force behind this is that guys like yours truly have been pushing more of the downsides of cloud computing, because almost everyone else is pushing the upsides. There are always downsides with upsides, and it's important to understand those before jumping in with both feet into any sort of technical change, including cloud computing.

The results were interesting:

"When it comes to cloud security concerns, for instance, 51 percent of respondents in the June 2009 survey reported having them, compared with 45 percent a year ago. Concern with "loss of control over data" jumped from 26 percent in 2008 to 37 percent in 2009. And the group of IT pros worrying about 'TCO/Measuring ROI' rose from 11 percent to 17 percent."

Core to these issues are control, security, privacy, interoperability and compliance. There are really no easy ways around these issues. As you look at cloud computing you have to consider the architectural challenges with the opportunities.

Control issues are typically around the data. Placing your data in the hands of a cloud provider seems scary, but you're typically doing much riskier and scarier stuff with your data already. I don't think you'll hear stories about cloud computing providers who "leak" data, as much as data being compromised via stolen laptops, or a disgruntled employee who loads up those nice 10 GB thumb drives you can find at Costco and walks out the door. You just need to drive a bit of planning here, and you'll be okay.

Security and privacy are related to control, and control is what really drives the fear around cloud computing. In truth, a cloud computing system can actually be more secure than your on-premise systems if you do some advanced planning and leverage the right mechanisms. It works fine, but you'll never be at the same security level as if your systems were locked in your data center with limited network access. Either you get over that fear, or you don't do cloud computing.

Interoperability is always going to be a core concern with cloud computing providers; there are just no good standards in place or reasons to follow them. If you're thinking about creating code and data that can move from provider to provider while still leveraging native features to make the systems more valuable, dream on. There are no good options here. Either you use a least-common-denominator approach -- where the applications are less valuable to the end user but run everywhere -- or you create deep hooks into a particular provider to make the systems more feature-rich. But the latter also means you have a fat chance of moving the application from one provider to another without spending a lot of money and time.

Compliance is easy. Either it's legal, or not. Make sure to check out the actual laws and rules, including things like SOX compliance. I find that, in many instances, things perceived as compliance issues really reflect a lack of understanding of the law and the rules. Most laws and rules don't take issue with systems and data existing outside of the firewall, but there are privacy concerns to consider within verticals such as finance and healthcare.

A bit of skepticism is healthy, but arm yourself with the facts.A recent survey reveals that cloud computing fears regarding security, data management, total cost of ownership, regulatory and compliance issues, and vendor lock-in have actually increased...

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll