Cloud computing security skeptics abound

There are lingering questions about where data might be stored geographically, or what contractual arrangements are required in the event of a data breach, or how back-up is done

The prospect of data security in cloud computing — particularly public-cloud computing — has security professionals taking a cautious approach.

"We are a very conservative risk-adverse company by nature," says Mark Pfefferman, assistant vice president and director of identity and access-management program at Western & Southern Financial Group. "As a life-insurance company, managing risk is part of our DNA." While his company has outsourced some data applications such as payroll to ADP, Pfefferman says there's no interest in turning to a cloud provider to store and process customer-related data.

Top cloud computing security risk: One company gets burned

The main reason springs from the sense that "I don't feel I have good control of the data out in the cloud," Pfefferman says. The company retains its own data center with a staff of IT professionals, and a look at some of the possibilities in cloud computing has left the impression that it not only is not as much of a cost-savings as sometimes claimed, it raises risks substantially.

There are lingering questions about where data might be stored geographically, or what contractual arrangements are required in the event of a data breach, or how back-up is done, Pfefferman says. While Western & Southern Financial Group is making limited use of Google collaboration applications, the intention is to avoid inclusion of any sensitive information.

Gartner Symposium ITxpo preview

These are some of the issues related to cloud computing that will come under focus at the Gartner Symposium ITxpo next week in Orlando, the annual techfest which this year features keynote addresses from Cisco CEO John Chambers, Microsoft CEO Steve Ballmer and Salesforce.com CEO Marc Benioff.

Among numerous Gartner conference sessions related to enterprise use of cloud computing will be "Three Styles of Securing Public and private Cloud Computing," with Gartner analyst John Pescatore.

"Fortune 1000 companies have to worry about compliance and security," notes Pescatore, who says there's a lot of reasonable skepticism in those ranks regarding public-cloud computing and security. But he adds that small businesses and city governments, "which don't have two nickels to rub together" in these troubled financial times, are looking at cloud-computing as a less-expensive option.

The federal government is regarded by cloud providers like Microsoft and Google as among the biggest fish to land."Microsoft and Google are chasing the federal e-mail business," says Pescatore, adding he doubts Google really cares much about enterprise business. A recent Gartner report showed Google Gmail has less than 1% of the enterprise e-mail market.

The virtualization of the enterprise is leading to a more direct path to private-cloud computing, according to Pescatore. In addition, cloud-based security services, such as Zscaler, are a good indication of where things are headed.

A recent Harris Interactive survey of 210 IT executives in U.S. businesses paints one picture of cloud adoption and attitudes about it. The survey shows that roughly one-third currently use only private-cloud computing, while another third uses both private and public clouds.

Roughly 1 in 10 uses only public cloud computing, and almost one quarter uses no cloud-computing option at all. Some 43 per cent of the IT execs surveyed said they expect increased use of both public and private cloud platforms, while 29% expect more use of just private-cloud platforms, and five per cent expect increased use of public clouds. Another five per cent had "no plans" regarding use of cloud computing, and seven per cent said they weren't sure.

When asked about security issues, nine out of 10 of these IT executives said they believed confidential data is more secure in private-cloud systems than in public ones.

Lack of end user control in the cloud

In a web cast earlier this week on "the Future of the Perimeter," security experts Nir Zuk and Marcus Ranum didn't mince words in voicing their distrust about cloud computing and security.

"People are turning to application-service providers, like Salesforce.com," said Zuk, co-founder of Palo Alto Networks, adding there are "issues with it."

One issue is the relative lack of control of the enterprise end user with Salesforce, especially when the user is outside the perimeter of the enterprise, perhaps "in an Internet café, such as the ones in Moscow, probably running loads of spyware," Zuk said. He said he didn't have a solution to that security challenge right now, though he's thinking hard on it.

Although Amazon and Rackspace may "significantly cut your cost," said Zuk, it's like taking your head and putting it in the sand because among the major challenges there, "you really don't know what security these companies are running." He added you also are not likely to know "your neighbors on the machine." There are many issues like this that aren’t being addressed right now, he said.

Ranum, chief security officer at Tenable Network Security and a security instructor, predicts that five years from now "we'll see some of the cracks in cloud computing," and "what's hot today" will be "the security problem five years from now." In addition, Ranum predicts that people should consider that once people rush into cloud computing, "prices could go up."

"Once everyone is nicely locked in, prices will go up — then they'll go back to the desktop," Ranum said.

And any explanation given by cloud computing providers that they can't always tell you where your data is should be viewed critically, he suggests. "You should know where your data is at all times," Ranum concluded.

Read more about data center in Network World's Data Center section.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitycloud computinginternetData Centerhardware systemscloud computing companies

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?