Cloud computing security skeptics abound

There are lingering questions about where data might be stored geographically, or what contractual arrangements are required in the event of a data breach, or how back-up is done

The prospect of data security in cloud computing — particularly public-cloud computing — has security professionals taking a cautious approach.

"We are a very conservative risk-adverse company by nature," says Mark Pfefferman, assistant vice president and director of identity and access-management program at Western & Southern Financial Group. "As a life-insurance company, managing risk is part of our DNA." While his company has outsourced some data applications such as payroll to ADP, Pfefferman says there's no interest in turning to a cloud provider to store and process customer-related data.

Top cloud computing security risk: One company gets burned

The main reason springs from the sense that "I don't feel I have good control of the data out in the cloud," Pfefferman says. The company retains its own data center with a staff of IT professionals, and a look at some of the possibilities in cloud computing has left the impression that it not only is not as much of a cost-savings as sometimes claimed, it raises risks substantially.

There are lingering questions about where data might be stored geographically, or what contractual arrangements are required in the event of a data breach, or how back-up is done, Pfefferman says. While Western & Southern Financial Group is making limited use of Google collaboration applications, the intention is to avoid inclusion of any sensitive information.

Gartner Symposium ITxpo preview

These are some of the issues related to cloud computing that will come under focus at the Gartner Symposium ITxpo next week in Orlando, the annual techfest which this year features keynote addresses from Cisco CEO John Chambers, Microsoft CEO Steve Ballmer and CEO Marc Benioff.

Among numerous Gartner conference sessions related to enterprise use of cloud computing will be "Three Styles of Securing Public and private Cloud Computing," with Gartner analyst John Pescatore.

"Fortune 1000 companies have to worry about compliance and security," notes Pescatore, who says there's a lot of reasonable skepticism in those ranks regarding public-cloud computing and security. But he adds that small businesses and city governments, "which don't have two nickels to rub together" in these troubled financial times, are looking at cloud-computing as a less-expensive option.

The federal government is regarded by cloud providers like Microsoft and Google as among the biggest fish to land."Microsoft and Google are chasing the federal e-mail business," says Pescatore, adding he doubts Google really cares much about enterprise business. A recent Gartner report showed Google Gmail has less than 1% of the enterprise e-mail market.

The virtualization of the enterprise is leading to a more direct path to private-cloud computing, according to Pescatore. In addition, cloud-based security services, such as Zscaler, are a good indication of where things are headed.

A recent Harris Interactive survey of 210 IT executives in U.S. businesses paints one picture of cloud adoption and attitudes about it. The survey shows that roughly one-third currently use only private-cloud computing, while another third uses both private and public clouds.

Roughly 1 in 10 uses only public cloud computing, and almost one quarter uses no cloud-computing option at all. Some 43 per cent of the IT execs surveyed said they expect increased use of both public and private cloud platforms, while 29% expect more use of just private-cloud platforms, and five per cent expect increased use of public clouds. Another five per cent had "no plans" regarding use of cloud computing, and seven per cent said they weren't sure.

When asked about security issues, nine out of 10 of these IT executives said they believed confidential data is more secure in private-cloud systems than in public ones.

Lack of end user control in the cloud

In a web cast earlier this week on "the Future of the Perimeter," security experts Nir Zuk and Marcus Ranum didn't mince words in voicing their distrust about cloud computing and security.

"People are turning to application-service providers, like," said Zuk, co-founder of Palo Alto Networks, adding there are "issues with it."

One issue is the relative lack of control of the enterprise end user with Salesforce, especially when the user is outside the perimeter of the enterprise, perhaps "in an Internet café, such as the ones in Moscow, probably running loads of spyware," Zuk said. He said he didn't have a solution to that security challenge right now, though he's thinking hard on it.

Although Amazon and Rackspace may "significantly cut your cost," said Zuk, it's like taking your head and putting it in the sand because among the major challenges there, "you really don't know what security these companies are running." He added you also are not likely to know "your neighbors on the machine." There are many issues like this that aren’t being addressed right now, he said.

Ranum, chief security officer at Tenable Network Security and a security instructor, predicts that five years from now "we'll see some of the cracks in cloud computing," and "what's hot today" will be "the security problem five years from now." In addition, Ranum predicts that people should consider that once people rush into cloud computing, "prices could go up."

"Once everyone is nicely locked in, prices will go up — then they'll go back to the desktop," Ranum said.

And any explanation given by cloud computing providers that they can't always tell you where your data is should be viewed critically, he suggests. "You should know where your data is at all times," Ranum concluded.

Read more about data center in Network World's Data Center section.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cloud computinginternetData Centerhardware systemscloud computing companies

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?