Are Security Issues Delaying Cloud Computing?

Article

Added 1st Jan 2009

Ellen Messmer

"Yes, security is one of the concerns about cloud computing that is delaying its adoption," says Eric Mandel, CEO of managed hosting services provider BlackMesh in Herndon, Virginia. "One of the biggest security concerns about cloud computing is that when you move your information into the cloud, you lose control of it.

Security concerns will continue to keep some companies out of the cloud, Mandel acknowledges.

“Yes, security is one of the concerns about cloud computing that is delaying its adoption.”

Symplified, a start-up providing a cloud-based security service that extends enterprise access-management controls to cloud computing, agrees there's a strong sense of heightened risk.

"We find the focus is on the credentials. It's the key to the kingdom and we find there's a reluctance to have the keys in the cloud," says Eric Olden, CEO at Symplified. He says the providers of cloud computing would further their own cause if they offered more "transparency" in what occurs in the cloud-computing environment.

Burton Group analyst Eric Maiwald, who also contends cloud vendors could be more forthcoming about their security practices, cautions there's a long list of security issues that should be resolved before businesses jump into cloud computing, even if they see cost-savings as a primary driver.

These include how data may be encrypted and stored, how e-discovery can be done if need be, what controls there are and whether the cloud provider has passed a SAS-70 audit.

Dick Mackey, analyst at consultancy SystemExperts, says cloud computing is "a difficult choice for any company considering the platform for protecting sensitive information" because of "the inability or unwillingness of cloud providers to give assurances of the controls surrounding computing resources."

He also argues "it would be difficult to impossible to achieve Payment Card Industry (PCI) compliance in a cloud provided by a service provider given the requirements for understanding precise system and network configurations and controlling access to the systems and the credit-card data."

Vendors aren't standing idly by. They recently formed a Cloud Security Alliance to address just the sort of concerns IT security pros say they have.

latest Articles

CIOs Don't Need to be Business Leaders

Given the complexity of today's applications, it's folly to suggest that the future role of the CIO is less technical and more businesslike, columnist Bernard Golden writes. If anything, it's the opposite -- the business side of the enterprise should embrace technology.
10 Steps to Business Process Transformation

Spurred by the recession, CIOs have sharpened their focus on processes, as companies strive for greater efficiency, and transformed business models, believes Coonie Moore Principal Analyst at Forrester Research.
Keeping IT Up

How IT business continuity is challenged by four tech megatrends: Social, mobile, virtualization and cloud.
5 Things I Have Learned: Alagu Balaraman

Alagu Balaraman, former CIO and current partner and MD India Operations at consultancy firm CGN & Associates, has spent 20 years doing different things and doing things differently.

View all articles

articles

Challenges Facing Global CIOs

The cultural differences they talk of go beyond mastering local etiquettes like handing over visiting cards with both your hands in Singapore or cheek kissing in parts of Europe.

articles

6 Secrets of Successful CIOs

In celebration of our sixth anniversary, here are six stories, six columns and six collections of ideas that will help you take the CIO role—and yourself—further.