On a recent teach of the Learning Tree Cloud Computing Technologies course, attendees cited security as their primary concern relating to cloud computing. The technical and commercial benefits that cloud computing brings an organisation were eagerly accepted, but security was continuously questioned and put forward as a potential barrier to cloud adoption.
On discussing this further, the questions ‘where is my data?’ and ‘who can access my data?’ were the real concerns. Whilst totally understandable, security needs to be considered in much more detail to provide satisfactory answers to these questions as well as many others. Cloud computing is a general term that covers infrastructure, platforms and software applications all delivered as a service. Given this broad scope of services, it follows that the term security also covers many different areas such as application security, access security, network security and more.
Relating to the two security questions above, data could mean application data, server configuration data, application code amongst many other types of data. Security of data is not only the responsibility of the cloud provider, but also of the cloud user. In addition, questions such as ‘whose responsibility is security when data is in transit between the cloud provider and the end user?’ need to be addressed. So how can progress be made to improve security and importantly gain the confidence of potential adopters of cloud computing?
The Banking Analogy:
Maybe we can draw an analogy with banking. One of the most valuable resources we as individuals own is our money. Now just for a moment consider this: where is your money currently? where is it located? how do you gain access your money? who has access to your financial details? Are you concerned not knowing the answer to these questions? Yet is storing data in the cloud not similar to having your banking details available over the Internet? Most of us are happy to handle our financial details using a public network to which millions of people have access without ever knowing or needing to know where our financial data is stored. We have confidence that our data is secure. The reason we are happy to do so? Governance. The banking world has a number of standards and regulatory procedures that must be followed and adhered to which gives us as customers the confidence that we can trust the banking systems.
To install a similar level of confidence in cloud computing, governance is urgently required. With appropriate governance, trust in the cloud will grow and accelerate widespread adoption.