Biggest Cloud Challenge: Security
Hardly a shock but validates the need for a meaningful security conversation between Cloud providers and potential Cloud customers…
As part of our ongoing research into Cloud Computing, IDC recently conducted a survey of 244 IT executives/CIOs and their line-of-business (LOB) colleagues about their companies’ use of, and views about, IT Cloud Services. Successful suppliers will need to address both the biggest challenges of cloud services, and the biggest traditional IT user issues.In part 1, we looked at current and future adoption of IT cloud services. In part 2, we looked at users’ views about the key benefits and challenges of IT cloud services.
What is your Cloud Provider doing to address your security concerns?
If you are curious about Cloud Computing and security, don’t miss out on future posts: subscribe by RSS or subscribe by email.
“Security” can mean many things to many people.
Is it access control - “Can others see and fiddle with my stuff?”
Is it DR - “What happens when the data centre falls over?”
Is it encryption - “Who can see the data flowing between me and the data centre?”
Having said that I’m not taking away that generally it is (as with my clients) still the number one qustion raised.
Amazon recently released a whitepaper that goes into extensive detail on how they are securing the EC2 and S3 systems they’re offering. It covers their physical security controls, such as two factor authentication “3 times” to get to the Data Center floors, and hypervisor and instance isolation.
http://s3.amazonaws.com/aws_blog/AWS_Security_Whitepaper_2008_09.pdf
It was a very interesting read and certainly boosted my confidence in the controls they have in place. While still accepting that we need to assess what sensitive data we store on S3 in the clear, and transiently in EC2, I’m much more comfortable putting our assets ‘in the cloud’ after reading it.
They’re obviously taking security very seriously and appear to be offering full disclosure.
@Mike: Fair point. Although when it comes to definition disagreement, we don’t have to look too far…”Cloud Computing” :-).
@Tristan: It is a positive step in the right direction…will be posting something on this soon.
Thanks both for the comments.
At BlueLock we are continually researching the latest trends and products in virtual security products. We currently incorporate security products from both Shavlik and Checkpoint as a standard part of our cloud configuration.
Jan 16th, 2009 at 11:27 am
[...] to progress the dialogue beyond crying out that the ‘Cloud is insecure’ or just saying ‘the biggest Cloud issue is security’ and get into the nitty gritty details. But my argument is we can only do that if the providers [...]
Apr 22nd, 2009 at 5:40 pm
[...] obstacle to moving to the cloud, for many companies and individuals, is the security question. IDC recently surveyed 244 IT executives and CIOs about their attitudes toward cloud services, and 74.6% said security is the biggest challenge for [...]